Security frameworks offer a common yard stick for assessing an organization’s security stance, gap analysis and comparing organizations. However, security standards can also be voluminous piles of paper that everyone talks but doesn’t actually read — or implement.
The National Institute of Standards and Technology (NIST) has a good reputation for producing workable standards that people actually use, and their recently-updated Framework for Improving Critical Infrastructure Cybersecurity has become the defining standard not just for organizations in the federal space required to use it, but also for voluntary implementers in local government and also the private sector.
The Framework document is short enough for anyone to get their arms around it, and the good news is that you can start using it in tentative steps prior to organization-wide adoption.
In this on-demand webcast, security expert Randy Franklin Smith will join Quest expert Bryan Patton to walk through the NIST Framework document and explore how it helps tackle specific security issues. Randy and Bryan will then explore what has changed most recently in the Framework to draw attention to software, hardware and service supply chain risks.