Everything posted by LWanless
I came across these two articles today whilst performing a little research on the Framework. It is hard to believe that it has been a year since the Framework was released to industry. Some major steps have been made but there is more to do. The first article published by The White House 02-03-2015 lists the below as commitments to the Framework. Intel is releasing a paper on its use of the Framework and requiring all of its vendors to use the Framework by contract. Apple is incorporating the Framework as part of the broader security protocols across its corporate networks. Bank of America will announce that it is using the Framework and will also require it of its vendors. U.S. Bank and Pacific Gas & Electric are announcing that they are committed to using the Framework. AIG is starting to incorporate the NIST framework into how it underwrites cyber insurance for large, medium-sized, and small businesses and will use the framework to help customers identify gaps in their approach to cybersecurity. QVC is announcing that it is using the Cybersecurity Framework in its risk management. Walgreens is announcing its support for the Cybersecurity Framework and that it uses it as one of its tools for identifying and measuring risk. Kaiser Permanente is committing to use the Framework. Source: http://www.whitehouse.gov/the-press-office/2015/02/13/fact-sheet-white-house-summit-cybersecurity-and-consumer-protection ACFEA's Signal Magazine also wrote a nice piece in support of the Framework. http://www.afcea.org/content/?q=happy-birthday-nists-cybersecurity-framework To all that have been involve since the beginning and since. This is good work and thank you!! Happy Birthday Cybersecurity Framework.
This morning I was pursuing my LinkedIn connections, as I do every morning, actually several times a day. One of my connections posted an article that was recently published by the AFCEA Signal Online edition. http://www.afcea.org/content/?q=node/13619 The article speaks to DHS, SAFETY Act and the potential for litigation. Below is a brief excerpt: "The framework signals the risk of cyber attacks, but it also opens the argument for claiming organizations did not take reasonable care of duty to protect their assets. Dismas Locaria, partner, Venable LLP, explains, “Negligence lawsuits stem out of a reasonable duty to protect against harm.” The SAFETY Act’s existence encouraged companies to bring to market the counterterrorism technologies the government and others need amid fear after 9/11 that, in another attack, they could be liable for tens of millions of dollars if their capabilities had problems. Fast-forward a few years and cybersecurity has become a significant concern for the government, especially as enemies a world away can reach into networks to wreak havoc. Entities need to firm defenses, and one method is through regulation." What is the feeling in the community about adoption of the Framework and what is your personal opinion?