by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : July 15, 2014
28 July 15, 2014 FCW.COM BY MICHAEL BROWN The emergence of mobile/cloud comput- ing has been breathtaking in its speed of adoption and growth. The wake these technologies are creating is capsizing business models and practices while generating new waves of innovation and creation. At the same time, the cyberse- curity strategies that organizations rely on to help them safely navigate these new challenges and opportunities are also undergoing a sea change. Mobile and cloud technologies have eroded the digital perimeter that orga- nizations have traditionally used as the foundation of their security practices. Many of our tried-and-true security practices --- such as rewalls, antivirus tools and intrusion-detection systems --- are increasingly insuf cient against the deluge of our digital adversaries. The landscape is changing, and we need a new map. Fortunately, the public and private sectors have begun to draft one. In early 2013, President Barack Obama issued Executive Order 13636, which calls for the development of a volun- tary framework that would help man- age the cybersecurity risk for our most critical infrastructure. In early 2014, following an industry- led period of discussion and collabora- tion, the National Institute of Standards and Technology issued Version 1.0 of the Framework for Improving Critical Infrastructure Cybersecurity. The goal is to create an open, business-centric framework for managing digital risk that provides guidance to organizations of any size, risk pro le or cybersecurity sophistication. The framework consists of three parts: the Core, Implementation Tiers and Pro le. In overly simplistic terms, those elements provide a structure for thinking about managing cybersecurity risk (Core), benchmarking an organiza- tion s risk management practices and needs (Implementation Tiers), and creating a road map for achieving an organization s desired risk management maturity (Pro le). The Core delineates ve key func- tions of an effective cybersecurity risk management program: identify, protect, detect, respond and recover. • "Identify" refers to understanding the business impact of an organization s digital resources and the risks asso- ciated with the compromise of those resources. • "Protect" refers to the element of cybersecurity on which we tradition- ally focus: the processes and technol- ogy controls designed to reduce our exposure to digital risk. • "Detect" has risen in importance in recent years, as it has become clear that preventing cyberattacks is a quix- otic task and that rapid detection con- tributes to greater risk reduction. • "Respond" is the necessary next step after detection and refers to ,an organi- How it works THE CYBERSECURITY FRAMEWORK ANDYOU Deconstructing the Core, Tiers and Pro le that have emerged from Obama s executive order on securing critical infrastructure
June 15, 2014
July 30, 2014