Recently, the US National Institute on Standards and
Technology (NIST) published a Framework on improving Critical Infrastructure Cybersecurity. It is a risk
management tool designed to help companies with the detection, protection, and assessment of cyber-attacks. While it is focused on 16 sectors identified as "critical infrastructures", companies in
other industries are encouraged to apply them as well.
Although criticized for being overly broad and “toothless”,
this framework nonetheless marks an important step in US cybersecurity policy. Further,
as suggested by a SLAW post on the framework, while the guidelines have no
formal legal effect, they nonetheless establish the “scope of what is
considered foreseeable in the event of incident”. In other words, the
guidelines can be considered as establishing the industry standard and may be
applied in negligence cases.
Here's link to the article: http://www.sourcingspeak.com/2014/02/client-alert-national-cybersecurity-framework-released---has-your-organization-considered-the-implic.html#page=1
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.