Since its inception, the non-profit Council on CyberSecurity has been actively participating in the development of the Cybersecurity Framework. And our Critical Security Controls are called out as one of the “Informative References”.
Even at this early stage, the Framework has come to dominate the national conversation about cybersecurity for the critical infrastructure (and beyond), and we believe it represents an important step towards large-scale and specific improvements in security for the nation.
The Framework is true to its name (“a set of principles, ideas, etc. that you use when you are forming your decisions and judgments” – the MacMillan Dictionary), and it provides a way to organize, conduct, and drive the conversation about security goals and improvements, for individual Enterprise and across communities of Enterprises.
But now the hard work of taking action begins. For the Framework approach to be successful, we - the extended community of stakeholders across the private sector - must see this as our framework, one that requires active participation. We must extend the ideas of the Framework to help Enterprises identify risks and take action, and also build a self-supporting community that learns and shares ideas that work, and identifies and removes barriers.
This is right in line with the model that drives the Council on CyberSecurity (“Making Best Practice Common Practice”), and so we proudly announce our partnership and support for CFORUM – the Cybersecurity Forum. A community-led activity needs a place and a means to gather and share, so let’s start here. Please join us!