Cyber Tactics Column

RSS

This article is the twelfth in our ongoing series exploring the NIST Cybersecurity Framework. 

Network security practitioners often look to solve technical problems with technical solutions: “The engineers got us into this mess; they can get us out of it.”

When students and staff at the Coast Guard Academy needed their laptops and mobile phones repaired, they called Larry Mathews. For over a decade, Mathews owned the local computer repair shop. Then he pleaded guilty to computer intrusion.

Tell somebody that you’re planning to make a plan, and you’ll get some snide looks. But tell somebody that you have a good plan in place, and it instills a sense of preparation and confidence.

Cybersecurity is a topic so broad that the NIST Framework addresses the concept of “Data Security” as just one of 22 important risk categories.

The NIST Framework lists “awareness and training” as a key component of network protection. But how do you go about it? 

As part of our continuing series on the NIST Framework, we completed our review of the “Identify” category last month.  

Starting last August, we began the current series of articles to provide our readers with a deep dive into the NIST Framework and its approach to Identify, Protect, Detect, Respond to and Recover from cybersecurity incidents.

Privacy considerations are rising in business significance, and not simply as a matter of data breach liability.

Placed within the Identify function of the NIST Cybersecurity Framework is a category called Risk Assessment.