cybersecurity framework

Information Security Framework aka System Compliance

January 15, 2016 by Bruce Brown Leave a Comment

What are Cyber Security Standards?
These are rules that put in place to protect every aspect of an information system.

Also know as information system security standards, information security framework, security system compliance, information system compliance, risk management framework. There are also many types that specialize on different functions of a given industry. For example the medical industry has a standard for protecting patient information called HIPAA which is an acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996. And there is a standard for protecting point of sale and merchant systems called PCI. There are many others.. but the mission is the same… to protect the confidentiality, availability and integrity of important data.

Cybersecurity Workforce Framework APP (part 1)

July 27, 2015 by Bruce Brown Leave a Comment

Cybersecurity Workforce Framework 8140 — Cybersecurity Workforce Framework

App now available on the app store

We are working on an app that will allow quick navigation of the National Cybersecurity Workforce Framework version 2. It will be pretty simple for now.

Version 1.x features Will Include:

All Categories mapped to Special Areas
All KSA
All TSA

In future versions we will include certifications that apply to each Special Area. I am waiting for DoDD 8140 because I think it will match up with National Cybersecurity Workforce Framework version 2.

Cybersecurity Framework

April 30, 2014 by Bruce Brown Leave a Comment

Adam Sedgewick, Senior Information Technology Policy Advisor at the National Institute of Standards and Technology (NIST) spoke at RSA Conference 2014.

Adam Sedgewick touched on the key elements of the cyber security framework. Cyber security is designed for critical infrastructure operators to safeguard their information assets.

Adam addresses critics who say the framework is over simplified to be effective.

Cyber security framework will evolve from version 1 that was issued in mid-February (see NIST Releases Cybersecurity Framework).

More on Critical Infrastructure Framework Cyber security. This document is a guide for implementing Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,”

Adam represents NIST on the Department of Commerce Internet Policy Task Force and advices NIST leadership on cybersecurity issues:

“Recognizing the role that the protection of privacy and civil liberties plays in creating greater public trust, the Executive Order requires that the Framework include a methodology to protect individual privacy and civil liberties when critical infrastructure organizations conduct cybersecurity activities. Many organizations already have processes for addressing privacy and civil liberties. The methodology is designed to complement such processes and provide guidance to facilitate privacy risk management consistent with an organization’s approach to cybersecurity risk management. Integrating privacy and cybersecurity can benefit organizations by increasing customer confidence, enabling more standardized sharing of information, and simplifying operations across legal regimes.” — Cyberframework