Cybersecurity first principles: end of season summary.

Show Notes

This is the eighth and final episode in this series that discusses the development of a general purpose cybersecurity strategy for all network defender practitioners - be they from the commercial sector, government enterprise, or academic institutions - using the concept of first principles.

These episodes are companion pieces to the CyberWire column of the same name called CSO Perspectives. I mention this because we have come to the conclusion of the podcast's first season. We’re pausing for a bit to give us a chance to prepare the second season. In a few weeks, we will pick up right where we left off. For this last episode in the series though, I thought I’d take a moment and summarize how we got here and why. In both, the essays and the podcasts, I have attempted to build a strategy wall, brick by brick, for a cyber security infosec program based on first principles.

Resources:

CIS: Center for Internet Security: Voluneer-expert coalition of 20 controls. https://www.cisecurity.org/
“Collaboration Drives NIST Cybersecurity Framework Updates,” US Signal Blog, 14 June 2018, last visited 17 June 2020.
“Cybersecurity Frameworks 101 – The Complete Guide,” by NICOLAS POGGI, The MIssing Report, 29 February 2020, last visited 17 June 2020.
“Executive Order -- Improving Critical Infrastructure Cybersecurity EXECUTIVE ORDER: IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY,” President BARACK OBAMA, the White House President Barack Obama, 12 February 2013, Last visited 17 June 2020.
“Framework for Improving Critical Infrastructure Cybersecurity,” National Institute of Standards and Technology, Version 1.1, 16 April 2018, Last visited 17 June 2020.
“History and Creation of the Framework,” National Institute of Standards and Technology, 21 November 2019, Last visited 17 June 2020.
ISA 62443: Industrial Society of Automation: Security for Industrial Automation and Control Systems
ISO 27002: the international standard that outlines the specifications for an information security management system (ISMS).
“NIST Cybersecurity Framework Adoption Hampered By Costs, Survey Finds,” by Staff, Dark Reading, 30 March 2016, Last visited 17 June 2020.
NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations
“Participation as Security: Policy Analysis of the NIST’s Framework for Improving Critical Infrastructure Cybersecurity.” by Karande, Aarshin, Unpublished manuscript, The London School of Economics and Political Science, 2017, Last visited 17 June 2020.
“TRENDS IN SECURITY FRAMEWORK ADOPTION: A SURVEY OF IT AND SECURITY PROFESSIONALS,” by Dimension Research, March 2016, , Last visited 17 June 2020.

HOST(S):

Rick Howard is the CSO of N2K and the Chief Analyst, and Senior Fellow at the N2K Cyber, formerly CyberWire. His past lives include CSO at Palo Alto Networks, CISO at TASC, the GM at Verisign/iDefense, the Counterpane SOC Director, and the Commander of the Army's Computer Emergency Response Team (CERT). Rick served 25 years in the Army, taught computer science at West Point, edited two books and just published his own book, "Cybersecurity First Principles: A Reboot of Strategy and Tactics" and he is regularly joined at the N2K Cyber's Hash Table by a collection of industry experts.

Schedule: Mondays (in season)

Credits: Edited by John Petrik and executive produced by Peter Kilpe. Our theme song is by Blue Dot Sessions, remixed by the insanely talented Elliott Peltzman, who also does the show's mixing, sound, and original score

Creator: CyberWire, Inc.