As just about anyone who comments on cybersecurity issues
has noted on a wide variety of social networking outlets the last couple of
days, the folks at the NIST Information Technology Laboratory (ITL) published
the promised Discussion Draft of the Preliminary Cybersecurity Framework. The
tweaking of this document will be one of the prime activities that will take
place next month at the 4th Cybersecurity Framework Workshop in
Dallas, TX.
Actually the ITL folks have been much more prolific than
that. There are four new discussion draft documents posted to their
Cybersecurity Framework web site as well as an updated
draft agenda for the Dallas Workshop. The four new discussion draft
documents are:
• The Executive Overview;
• A collection of Illustrative Examples;
• A control system specific illustrative example, an ICS Profile for the Electrical Subsector.
Each of the above documents deserves detailed examination and
I’ll probably comment on them in more detail (particularly the last document) in
future posts. Today I’ll take a quick look at the new draft agenda focusing on
the changes from the previous
version posted earlier this month. There are no real changes to the agenda,
just a fleshing out of some of the details.
The previously ‘to be determined’ panel discussions have now
been identified:
• Threat Panel (9-11 am) – a discussion of “how threat information can inform the development of the Cybersecurity Framework and how it can be utilized in an organization’s risk management process”;
• Insurance Panel (9-12 am) – a discussion of “the current state of the cybersecurity insurance market, how the Cybersecurity Framework could help insurance carriers grow the first-party market and be incorporated into underwriting/brokering processes, and anticipated challenges that may arise”;
• Cross-sector Panel (9-12 am) – a discussion of the “applicability of the Cybersecurity Framework to a range of diverse sectors and organizations”; and
• Implementation Panel (9-13 am) – a discussion of “the harmonization of existing practices and standards with the Cybersecurity Framework”.
The breakout groups that will form the working sessions have
also been identified:
• Framework Presentation and Tools;
• Framework Implementation Tiers;
• Framework Governance;
• Areas for Improvement for the Cybersecurity Framework;
• Executive Engagement; and
• DHS Voluntary Program
It certainly looks like an interesting workshop and I look
forward to being able to participate.