The National Institute of Standards and Technology (NIST) recently released a new draft of the Cybersecurity Framework (CSF) for critical infrastructure. However, security experts say the self-regulatory and voluntary aspects of the CSF mean the standard lacks teeth.
How can NIST improve its framework?
Listen to Episode 97 of our Security Slice podcast and hear Dwayne Melançon and Lamar Bailey discuss the difference between acceptable risks and unacceptable risks, the value of reliable security metrics, and why choosing a security framework is like ordering at a Chinese restaurant.