NIST has published a voluntary framework to reduce cyber risk to critical infrastructure, as a result of a directive in the President's executive order on improving critical infrastructure cybersecurity. The core of this framework is composed of a function matrix and a framework implementation level matrix. The function matrix contains the five top-level cybersecurity functions, which are:
The function matrix becomes part of the critical operations manual, as it contains detailed functions pertaining to each organization on how to increase security levels, making all of them part of the day-to-day business tasks. The framework implementation level defines three implementation levels from three perspectives: the senior executive role, the business process manager and the operational managers. The goal of this matrix is to reflect the cybersecurity state of the critical infrastructure from the previous role perspectives.

While this framework is still in draft state, I consider it a breakthrough in increasing the level of security of critical infrastructure, as the critical infrastructure officers of companies have always been reluctant to implement security measures as in the normal IT world, because it goes against the way their operating processes work and because managers of these areas see no value added in these tasks. This framework shows them information security as part of their function and shows a way to integrate it seamlessly into normal business operation, as they follow the same process to prevent operational risks to the critical infrastructure, like power disruption, pipe explosion, transformer damage and many others. You can find the framework core at http://www.nist.gov/itl/upload/draft_framework_core.pdf.
Manuel Humberto Santander Peláez |
Manuel Humberto Santander Peláez 195 Posts ISC Handler Jun 30th 2013 |
Jun 30th 2013 9 years ago |
Hi,
Do you have more information on the 3 Framework Implementation levels? Each level corresponds to one function, one category and one sub-category? It's not crystal clear for me. Thanks in advance! |
Anonymous |
Jul 1st 2013 9 years ago |
Actually, it may just mean that there are 3 levels of maturity and you write down your comment in the column that seems appropriate. |
Anonymous |
Jul 1st 2013 9 years ago |
I believe Manuel explained the levels in his posting, "The framework implementation level defines three implementation levels from three perspectives: the senior executive role, the business process manager and the operational managers. The goal of this matrix is to reflect the cybersecurity state of the critical infrastructure from the previous role perspectives."
So the levels correspond with organizational roles: 1) Senior Executives, 2) Business Process Managers, 3) Operational Managers. Hope this helps. |
Skid 3 Posts |
Jul 2nd 2013 9 years ago |