Wednesday, August 7, 2013

First Look at Cyber Security Incentive Ideas, Companion to NIST's Framework Work

I'll oversimplify this to keep it short, but the President kicked all of this off earlier this year in wake of failed cyber security legislation efforts in 2010 (GRID Act) and 2012 (Cybersecurity Act of 2012).

The two primary vectors on this project have included:

  1. Having NIST lead the charge to develop a new cyber security framework (i.e., pattern, roadmap, guidance) made up of references to existing guidance that seem to work well. On twitter this effort is tagged #NISTCSF
  2. A parallel initiative to develop incentives that might improve the business case for being more proactive on cyber security.
The incentive categories were just made public, and so far include :
  • Cybersecurity Insurance
  • Grants
  • Process Preference
  • Liability Limitation
  • Streamline Regulations
  • Public Recognition
  • Rate Recovery
  • Cybersecurity Research
Liability and insurance are going to be the thorniest.  And rate recovery help, if workable, sounds promising.

You ran read The Hill's coverage and the original White House text via URLs below, as well as check out the current status and next activities related to the framework.

----

URLs

The Hill

http://thehill.com/blogs/hillicon-valley/technology/315795-white-house-publishes-preliminary-list-of-cybersecurity-incentives

White House

http://www.whitehouse.gov/blog/2013/08/06/incentives-support-adoption-cybersecurity-framework

NIST CSF

http://www.nist.gov/itl/cyberframework.cfm

1 comment:

  1. I have read above post.Thanks for sharing your ideas.Your blog has always attracted me and this particular post left me speechless. It is one of the best pieces of writing I have seen.
    Home Security Systems Vaughan

    ReplyDelete