Access your Pro+ Content below.
Data encryption, notification and the NIST Cybersecurity Framework
This article is part of the April 2014 Vol. 16 / No. 3 issue of Information Security magazine
The Framework for Improving Critical Infrastructure Cybersecurity, newly released by the U.S. Commerce Department's National Institute of Standards and Technology (NIST), got tremendous play a year ago at the RSA Conference in San Francisco. Even though NIST is a non-regulatory federal agency, a capacity crowd attended former head of Homeland Security Michael Chertoff's talk during the "Special Forum on Cybersecurity: New Directions from the White House" session at the annual security confab. Kathleen Richards Released on February 12, the NIST Cybersecurity Framework Version 1 debuted on schedule -- in time for this year's RSA Conference. Despite collaboration among government, industry and academia to develop the "voluntary, risk-based" framework, the initial clamor of the information security crowd has dissipated because little has changed. While the president's executive order proclaimed that the private sector should voluntarily follow the NIST cybersecurity guidelines -- which offer organizations, regulators and customers ...
Features in this issue
This Beyond the Page focuses on how mobile application management can help CISOs move beyond consumer-oriented endpoints and their security tradeoffs.
Combating the wrong enemy? Evolving threats and new attack surfaces demand your mobile security strategy keep pace.
Organizations face a dangerous threat landscape that demands new endpoint security controls and oversight.
As Cisco rolls out a hardware-based alternative to software-defined networking approaches, what does it all mean for security?
Columns in this issue
Awkward? The NIST Cybersecurity Framework arrives as the U.S. government struggles to counter negative reports on its data privacy and encryption standards.
When will big data technologies move past the hype and help security teams?
With the field in urgent need of practitioners, the chief of a new cybersecurity program at a small women's college believes he can make a difference.