NIST Framework for Critical Infrastructure Cybersecurity

by Anastasios Arampatzis on November 26, 2018

Four years after the initial iteration was released, the National Institute of Standards and Technology (NIST) released version 1.1 of the Framework for Improving Critical Infrastructure Cybersecurity.

The framework was initially developed as a voluntary, risk-based framework to improve cybersecurity for critical infrastructure in the United States. It is the result of Executive Order 13636, issued by President Obama, which called for the development of a set of standards, guidelines and practices to help organizations charged with providing the nation’s financial, energy, health care and other critical systems better protect their information and physical assets from cyber attack.

Like the first version, Version 1.1 of the framework was created through public-private collaboration via a series of recommendations, drafts and comment periods.

Changes to Version 1.1 include updates on authentication and identity, self-assessing cybersecurity risk, managing cybersecurity within the supply chain and vulnerability disclosure, among others.

Review of changes

For one, the update has renamed the Access Control Category to Identity Management and Access Control to better account for authentication, authorization and identity-proofing.

It also has added a new section named “Section 4.0 Self-Assessing Cybersecurity Risk with the Framework” that explains how the framework can be used by organizations to understand and assess their cybersecurity risk, including the use of measurements.

“The development of cybersecurity performance metrics is evolving. Organizations should be thoughtful, creative, and careful about the ways in which they employ measurements to optimize use, while avoiding reliance on artificial indicators of current state and progress in improving cybersecurity risk management. Judging cyber risk requires discipline and should be revisited periodically,” the document reads.

On the supply-chain front, an expanded Section 3.3 helps users better understand risk management in this arena, while a new section (3.4) focuses on buying decisions and (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Anastasios Arampatzis. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/nist-framework-critical-infrastructure-cybersecurity/
