PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
April 2014 Vol. 16 / No. 3

Data encryption, notification and the NIST Cybersecurity Framework

The Framework for Improving Critical Infrastructure Cybersecurity, newly released by the U.S. Commerce Department's National Institute of Standards and Technology (NIST), got tremendous play a year ago at the RSA Conference in San Francisco. Even though NIST is a non-regulatory federal agency, a capacity crowd attended former head of Homeland Security Michael Chertoff's talk during the "Special Forum on Cybersecurity: New Directions from the White House" session at the annual security confab. Kathleen Richards Released on February 12, the NIST Cybersecurity Framework Version 1 debuted on schedule -- in time for this year's RSA Conference. Despite collaboration among government, industry and academia to develop the "voluntary, risk-based" framework, the initial clamor of the information security crowd has dissipated because little has changed. While the president's executive order proclaimed that the private sector should voluntarily follow the NIST cybersecurity guidelines -- which offer organizations, regulators and customers ...

Features in this issue

Columns in this issue