White House pushes cybersecurity framework for critical infrastructure

[InfoSec News <alerts () infosecnews org>]

http://www.computerworld.com/s/article/9246266/White_House_pushes_cybersecurity_framework_for_critical_infrastructure

By Grant Gross
IDG News Service
February 12, 2014

A new cybersecurity framework released Wednesday by the Obama 
administration aims to help operators of critical infrastructure develop 
comprehensive cybersecurity programs.

The voluntary framework creates a consensus on what a good cybersecurity 
program looks like, senior administration officials said. The 41-page 
framework takes a risk management approach that allows organizations to 
adapt to "a changing cybersecurity landscape and responds to evolving and 
sophisticated threats in a timely manner," according to the document.

Organizations can use the framework to create a "credible" cybersecurity 
program if they don't already have one, said one senior Obama 
administration official. "The key message is that cybersecurity is not 
something you just put in place and walk away," the official said, in a 
background press briefing. "There's no prescription or magic bullet for 
cybersecurity. There are only well-conceived, proven ways of continuously 
managing the risks."

The framework, building on a presidential directive from a year ago, can 
help "companies prove to themselves and to their stakeholders that good 
cybersecurity can be the same thing as good business," the official said.

[...]



--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/