The landscape of computer security is changing on an almost daily basis. Trying to keep on top of it is hard enough for a single network administrator. I can only imagine how much that would multiply when trying to come up with a sweeping national policy.
In an effort to meet an executive order issued in February, the National Institute of Standards and Technology announced the release of a draft outline. Titled “Preliminary Framework to Reduce Cyber Risks to Critical Infrastructure,” it calls upon members of the public or the private sector to put in their two cents on the subject of cybersecurity
The draft document outlines what sort of information is needed in each section, as well as an executive overview that will cover the general purpose of the final document. Also included on the NIST site is a five-category chart you can fill out that pertains to your organization’s security capabilities and needs. NIST advises anyone who wants to help out with this project to start with this chart.
The folks at NIST seem happy for the help. “We are pleased that many private sector organizations have put significant time and resources into the framework development process,” said Adam Sedgewick, senior information technology policy adviser at NIST. “We believe that both large and small organizations will be able use the final framework to reduce cyberrisks to critical infrastructure by aligning and integrating cybersecurity-related policies and plans, functions and investments into their overall risk management.”
If you have ideas you would like to contribute, you can find all you need to get started at the NIST website. But hurry, the folks at NIST want to assemble as much information as they can before their next workshop, which commences July 10.