Adam Sedgewick, Senior Information Technology Policy Advisor at the National Institute of Standards and Technology (NIST) spoke at RSA Conference 2014.
Adam Sedgewick touched on the key elements of the cyber security framework. Cyber security is designed for critical infrastructure operators to safeguard their information assets.
Adam addresses critics who say the framework is over simplified to be effective.
Cyber security framework will evolve from version 1 that was issued in mid-February (see NIST Releases Cybersecurity Framework).
More on Critical Infrastructure Framework Cyber security. This document is a guide for implementing Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,”
Adam represents NIST on the Department of Commerce Internet Policy Task Force and advices NIST leadership on cybersecurity issues:
“Recognizing the role that the protection of privacy and civil liberties plays in creating greater public trust, the Executive Order requires that the Framework include a methodology to protect individual privacy and civil liberties when critical infrastructure organizations conduct cybersecurity activities. Many organizations already have processes for addressing privacy and civil liberties. The methodology is designed to complement such processes and provide guidance to facilitate privacy risk management consistent with an organization’s approach to cybersecurity risk management. Integrating privacy and cybersecurity can benefit organizations by increasing customer confidence, enabling more standardized sharing of information, and simplifying operations across legal regimes.” — Cyberframework