This is the eighth and final episode in this series that discusses the development of a general purpose cybersecurity strategy for all network defender practitioners - be they from the commercial sector, government enterprise, or academic institutions - using the concept of first principles.
These episodes are companion pieces to the CyberWire column of the same name called CSO Perspectives. I mention this because we have come to the conclusion of the podcast's first season. We’re pausing for a bit to give us a chance to prepare the second season. In a few weeks, we will pick up right where we left off. For this last episode in the series though, I thought I’d take a moment and summarize how we got here and why. In both, the essays and the podcasts, I have attempted to build a strategy wall, brick by brick, for a cyber security infosec program based on first principles.
- CIS: Center for Internet Security: Voluneer-expert coalition of 20 controls. https://www.cisecurity.org/
- “Collaboration Drives NIST Cybersecurity Framework Updates,” US Signal Blog, 14 June 2018, last visited 17 June 2020.
- “Cybersecurity Frameworks 101 – The Complete Guide,” by NICOLAS POGGI, The MIssing Report, 29 February 2020, last visited 17 June 2020.
- “Executive Order -- Improving Critical Infrastructure Cybersecurity EXECUTIVE ORDER: IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY,” President BARACK OBAMA, the White House President Barack Obama, 12 February 2013, Last visited 17 June 2020.
- “Framework for Improving Critical Infrastructure Cybersecurity,” National Institute of Standards and Technology, Version 1.1, 16 April 2018, Last visited 17 June 2020.
- “History and Creation of the Framework,” National Institute of Standards and Technology, 21 November 2019, Last visited 17 June 2020.
- ISA 62443: Industrial Society of Automation: Security for Industrial Automation and Control Systems
- ISO 27002: the international standard that outlines the specifications for an information security management system (ISMS).
- “NIST Cybersecurity Framework Adoption Hampered By Costs, Survey Finds,” by Staff, Dark Reading, 30 March 2016, Last visited 17 June 2020.
- NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations
- “Participation as Security: Policy Analysis of the NIST’s Framework for Improving Critical Infrastructure Cybersecurity.” by Karande, Aarshin, Unpublished manuscript, The London School of Economics and Political Science, 2017, Last visited 17 June 2020.
- “TRENDS IN SECURITY FRAMEWORK ADOPTION: A SURVEY OF IT AND SECURITY PROFESSIONALS,” by Dimension Research, March 2016, , Last visited 17 June 2020.