SlideShare a Scribd company logo

D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T

Download as DOCX, PDF
O
OllieShoresna

D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T L A W 3 The NIST Cybersecurity Framework: Overview and Potential Impacts By Lei Shen W ith the recent and increasing number of high- profile data breaches, businesses are becoming increasingly concerned about cybersecurity. Such data breaches have cost the affected companies millions of dollars due to liability, lawsuits, reduced earnings, decreased consumer trust, and falling stock prices, while putting consumers at risk. Even though the recent attacks have targeted consumer data, such attacks may have even greater impact when targeted at the nation’s critical infrastructure. The White House acknowledged this when it issued Executive Order 13636,1 which required the National Institute of Standards and Technology (NIST), a non-regulatory agency of the Department of Commerce, to develop a “cybersecurity framework” to help regulators and indus- try participants identify and mitigate cyber risks that potentially could affect national and economic security. To develop the framework and gain an under- standing of the current cybersecurity landscape, NIST consulted hundreds of security professionals in the industry. It held a number of workshops that were attended by many participants from the private sec- tor, and it reviewed numerous comments to the drafts of the proposed framework that it posted for review.2 More than 3,000 individuals and organizations con- tributed to the framework.3 On February 12, 2014, NIST released its final cybersecurity framework, titled “Framework for Improving Critical Infrastructure Cybersecurity” (hereinafter Framework).4 Through the collaborative public-private partnership, the resulting Framework adopts industry standards and best practices to provide a set of voluntary, risk-based measures that can be used by organizations to address their cybersecurity risk. Although the goal of the Framework is to better protect critical infrastructure,5 such as banks and utili- ties, from cyber attacks, the Framework is a flexible and technology-neutral document that can be used by organizations of any size, sophistication level, or degree of cyber risk. Organizations can use the Framework as a guideline to assess their existing cybersecurity program or to build one from scratch, set goals for cybersecurity that are in sync with their business environment, pri- oritize opportunities for improvement, or establish a plan for improving or maintaining their cybersecurity. The Framework also is a valuable tool to help executives understand their company’s security prac- tices. Executives may use the Framework to see how their company’s cybersecurity practices measure up to the Framework’s standards, understand where the company’s vulnerabilities lie, and determine if they are doing enough. While the Framework is voluntary and may be criticized as being little more than a compilation of established industry securit ...

Education
1 of 16
D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T L A W 3 The NIST Cybersecurity Framework: Overview and Potential Impacts By Lei Shen W ith the recent and increasing number of high- profile data breaches, businesses are becoming increasingly concerned about cybersecurity. Such data breaches have cost the affected companies millions of dollars due to liability, lawsuits, reduced earnings, decreased consumer trust, and falling stock prices, while putting consumers at risk. Even though the recent attacks have targeted consumer data, such attacks may have even greater impact when targeted at the nation’s critical infrastructure. The White House acknowledged this when it issued Executive Order 13636,1 which required the National Institute of Standards and Technology (NIST), a non-regulatory agency of the Department of Commerce, to develop a “cybersecurity framework” to help regulators and indus- try participants identify and mitigate cyber risks that
potentially could affect national and economic security. To develop the framework and gain an under- standing of the current cybersecurity landscape, NIST consulted hundreds of security professionals in the industry. It held a number of workshops that were attended by many participants from the private sec- tor, and it reviewed numerous comments to the drafts of the proposed framework that it posted for review.2 More than 3,000 individuals and organizations con- tributed to the framework.3 On February 12, 2014, NIST released its final cybersecurity framework, titled “Framework for Improving Critical Infrastructure Cybersecurity” (hereinafter Framework).4 Through the collaborative public-private partnership, the resulting Framework adopts industry standards and best practices to provide a set of voluntary, risk-based measures that can be used by organizations to address their cybersecurity risk. Although the goal of the Framework is to better protect critical infrastructure,5 such as banks and utili- ties, from cyber attacks, the Framework is a flexible and technology-neutral document that can be used by organizations of any size, sophistication level, or degree of cyber risk. Organizations can use the Framework as a guideline to assess their existing cybersecurity program or to build one from scratch, set goals for cybersecurity that are in sync with their business environment, pri- oritize opportunities for improvement, or establish a plan for improving or maintaining their cybersecurity. The Framework also is a valuable tool to help executives understand their company’s security prac- tices. Executives may use the Framework to see how
their company’s cybersecurity practices measure up to the Framework’s standards, understand where the company’s vulnerabilities lie, and determine if they are doing enough. While the Framework is voluntary and may be criticized as being little more than a compilation of established industry security practices, the Framework nevertheless will likely become an influential bench- mark for assessing an organization’s cybersecurity. This article provides an overview of the NIST Framework and an analysis of its potential impact on businesses. S U M M A RY O F N I S T C Y B E R S E C U R I T Y F R A M E WO R K The Framework is made up of three compo- nents: (1) the Framework Core, (2) Profiles, and Lei Shen is a senior associate in the Privacy & Security and Business & Technology Sourcing practice groups at Mayer Brown in Chicago, IL. She focuses her practice on privacy and security, technology and business process outsourcing, and information technology transactions. Ms. Shen has passed the Certified Information Privacy Professional/United States (CIPP/US) certification exam offered by the International Association of Privacy Professionals (IAPP). She co-chairs the editorial team for both the Mayer Brown Privacy Post newsletter and the Mayer Brown Business & Technology Sourcing Review newsletter. Lei joined Mayer Brown in 2006.
J O U R N A L O F I N T E R N E T L A W D e c e m b e r 2 0 1 4 4 (3) Tiers. Organizations can use these three compo- nents together to conduct a comprehensive review of their cybersecurity program. FRAMEWORK CORE The main component of the Framework is the Framework Core (hereinafter Core). The Core pres- ents a variety of cybersecurity-related activities and outcomes that can be found in a cybersecurity pro- gram, such as the performance of vulnerability scans and the detection of malicious code. The activities and outcomes are organized into five main groups or “Functions”: (1) Identify, (2) Protect, (3) Detect, (4) Respond, and (5) Recover. Each Function is divided into “Categories” and “Subcategories” of cyber - security activities and outcomes. Those Categories and Subcategories point to specific industry-accepted standards and guidelines (e.g., COBIT 5, ISO 27001) that provide more in-depth instruction on how to achieve each specific activity or outcome. For example, if an organization is concerned about its incident response plan, it can look within the “Respond” Function. The Respond Function is divided into five Categories: (1) Response Planning, (2) Communications, (3) Analysis, (4) Mitigation, and (5) Improvements. Each of those Categories is broken
down into various Subcategories of cybersecurity activ- ities. For example, the “Response Planning” Category has one Subcategory (i.e., “Response plan is executed during or after an event”), while the “Improvements” Category has two Subcategories (i.e., “Response plans incorporate lessons learned” and “Response strategies are updated”). Each of the Subcategories then refer- ences related resources, or “Informative References,” that are industry standards and guidelines that provide more detail on how to complete each activity. An organization that uses the Framework need not include all of the Core activities in its cybersecu- rity program, but rather can choose only those activi- ties that are applicable to it. PROFILES The Framework Profiles (hereinafter Profiles), which can be used in conjunction with the Core, provide a summary of an organization’s cybersecurity program and can be used to align an organization’s cybersecurity activities (such as those found within the Framework Core) with its business requirements, risk tolerances, and organizational resources. Organizations can perform a self-assessment to develop a “Current Profile” and a “Target Profile.” An organization’s “Current Profile” provides a view of the current state of its cybersecurity program (i.e., those elements of the Framework Core that it is currently achieving), while an organization’s “Target Profile” identifies a target or goal state (i.e., those elements of the Framework Core that it desires to achieve). After establishing its Current and Target Profiles, an organization can iden- tify gaps between the two and establish a road map
for areas that the organization needs to strengthen in order to progress toward its target state. To allow for flexibility in implementation, the Framework does not provide a template for creating Profiles. TIERS The Implementation Tiers (Tiers), which are separate from the Core, may be used by organizations to self-rank their cybersecurity risk management practices. There are four Tiers available, ranging from Tier 1 (Partial) to Tier 4 (Adaptive). Each Tier refers to an increasing level of rigor and sophistication in an organization’s cybersecurity practices. The lowest Tier is Tier 1 (Partial), which is char- acterized as an organization not having “formalized” risk management practices and having little aware- ness of cybersecurity risks. Tier 4 (Adaptive), on the other hand, describes organizations that can adapt “cybersecurity practices based on lessons learned and predictive indicators derived from previous and cur- rent cybersecurity activities,” are generally aware of cybersecurity risks, and have an organization-wide approach to managing such risks. After organizations have identified where they stand in the four-Tier structure, they can deter- mine whether they should consider investing addi- tional resources to move to a more rigorous Tier. While organizations identified as Tier 1 (Partial) are encouraged to move toward a higher Tier, those organizations that already are higher Tiered may not need to move to a higher level. NIST cautions that progression to higher Tiers is encouraged when such a change is cost-effective and enhances cybersecurity.
D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T L A W 5 For example, it may not be cost-effective for a Tier 3 organization to become a Tier 4 organization if the increased protection it receives is relatively small compared to the cost to reach that additional level. H OW TO U S E T H E F R A M E WO R K NIST identifies four different ways that organiza- tions can use the Framework. 1. Basic Review of Cybersecurity Practices— Organizations can use the Framework to compare their current cybersecurity activities with those outlined in the Core to find out in which areas they are achieving the outcomes described in the Core and in which areas they may want to improve. 2. Establishing or Improving a Cybersecurity Program—The Framework lists steps that an organi- zation can follow (such as creating a Current Profile and creating a Target Profile) to create a new cyber- security program or to improve an existing one. 3. Communicating Cybersecurity Requirements with Stakeholders—Because the Framework establishes a common language to communicate cybersecurity requirements, an organization can use the Framework to communicate the organi-
zation’s cybersecurity requirements to its various stakeholders (e.g., service providers). 4. Identifying Opportunities for New or Revised Informative References—Organizations also can use the Framework to identify opportunities to revise or create new standards, guidelines, or practices. P OT E N T I A L I M PAC T O F T H E F R A M E WO R K While the Framework is strictly voluntary and NIST has no enforcement authority, companies are encouraged to use the Framework because of its potential significant impact on a company’s cyberse- curity practices, as described below. INCENTIVES While there are currently no incentives set for using the Framework, the White House has released a list of eight potential incentives that it is proposing to encourage adoption of the Framework.6 Examples of such incentives include risk-based pricing for cybersecurity insurance and liability limitations (such as limited indemnity or lower burdens of proof) for organizations that adopt the Framework. Some incentives, such as limiting liability or providing a safe harbor for companies that adopt the Framework, may require federal legislation, but others, such as the awarding of federal critical infrastructure grants, may make earlier adoption of the Framework very attrac- tive for some companies.
LEGISLATION Congress and federal regulatory agencies may use the Framework as a basis for new legislation and regulations. Congress may also turn to legislation if it perceives that an insufficient number of organizations are voluntarily adopting the Framework and may make the Framework mandatory for critical infra- structure operators. CONTRACTORS As critical infrastructure companies begin adopt- ing the Framework standards, the companies will likely start requiring their suppliers to use and abide by the Framework as well. Likewise, those suppliers will in turn require their own providers to abide by the Framework. This domino effect could dramati- cally increase usage in many industries and result in industries where adoption of the Framework is required by default in order to land a contract. For example, the Department of Defense has published a report that recommends the government “institute baseline cybersecurity requirements as a condition of contract award for appropriate acquisitions.”7 INSURANCE The Framework’s standards may shape how insur- ance carriers view data breaches. Insurance carriers may begin using the Framework as a baseline standard or benchmark in insurance contracts and may start tying a company’s cybersecurity Profile to its insurance rates.
J O U R N A L O F I N T E R N E T L A W D e c e m b e r 2 0 1 4 6 LITIGATION Without cybersecurity legislation in place, the Framework could effectively become the de facto standard for an organization’s cybersecurity efforts. Litigants, such as class action plaintiffs and even shareholders, may start using the Framework’s stan- dards as a reasonableness measure in cybersecurity litigation, and may assert that the Framework estab- lishes a standard of care that companies are obligated to follow. In light of the US Security and Exchange Commission’s (SEC) increasing emphasis on the appropriate disclosure of cyber risks, plaintiffs may bring securities class action litigation alleging material omissions or misrepresentations of a company’s cyber risks based on the Framework. Enforcement actions by state attorneys general and regulators, such as the SEC and the Federal Trade Commission (FTC), may rely on a similar argument. In FTC v. Wyndham Worldwide Corporation, for example, counsel for Wynd ham already have cited the Framework as a potential guide as to what constitutes reasonable data security. On the other hand, organizations at risk for cyber attacks may use their compliance with the Framework as a defense against litigation related to a data breach or other cyber incidents. In addition, proper attention to cybersecurity risk-factor disclosures may decrease the likelihood of a company facing securities class action litigation.
While the Framework was not intended to be used as a prescriptive standard, organizations should be aware that the Framework may very well end up being used as such. F U T U R E O F T H E F R A M E WO R K The Framework is likely to evolve as cybersecu- rity threats and standards evolve. NIST has said that the Framework is not intended to be a static document but rather a “living document.” It named the version of the released Framework as “version 1.0” and issued a supplementary roadmap for future developments and recommendations. Such updates will help the Framework keep pace with changes in technology and threats, incorporate lessons learned from its use, and ensure that the standards address the needs of various sectors in a dynamic and challenging environment. C O N C L U S I O N The Framework is not intended to replace a company’s existing cybersecurity practices or to estab- lish prescriptive standards. Rather, the Framework provides a tool for organizations to use to assess themselves and to use as a baseline to measure their cybersecurity programs. It is a reference point for objective evaluations of an organization’s cyberse- curity programs and for identifying potential gaps in those programs. In view of some recent high-profile data breaches and the pervasiveness of cybersecurity incidents in general, companies should pay close attention to the NIST Framework. While the Framework will not be a panacea for security issues, it has the potential
to have a significant impact in many industries, not just those industries that are related to critical infrastructure. N OT E S 1. Exec. Order No. 13636, Improving Critical Infrastructure Cybersecurity (Feb. 19, 2013), available at http://www.gpo.gov/ fdsys/pkg/FR-2013-02-19/pdf/2013-03915.pdf. 2. Prior drafts of the NIST Cybersecurity Framework are available at http://www.nist.gov/cyberframework/cybersecurity- framework- archived-documents.cfm. 3. “NIST Releases Preliminary Cybersecurity Framework, Will Seek Comments,” NIST.GOV (Oct. 22, 2013), available at http:// www.nist.gov/itl/cybersecurity-102213.cfm. (“Through a request for information and a series of workshops held throughout 2013, NIST engaged with more than 3,000 individuals and organiza- tions on standards, best practices and guidelines that can provide businesses, their suppliers, their customers, and government agencies with a shared set of expected protections for critical information and IT infrastructure.”) 4. NIST Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, NIST.GOV (Feb. 12, 2014), avail- able at http://www.nist.gov/cyberframework/upload/cybersecurity- framework-021214.pdf. 5. The Executive Order defines critical infrastructure as
“systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on the security, national economic security, national public health or safety, or any combi- nation of those matters.” 6. Michael Daniel, “Incentives to Support Adoption of the Cybersecurity Framework,” The White House Blog (Aug. 6, 2013), http://www.whitehouse.gov/blog/2013/08/06/ incentives-support-adoption-cybersecurity-framework. 7. Department of Defense and General Services Administration, “Improving Cybersecurity and Resilience through Acquisition,” Department of Defense (Nov. 2013), available at http://www. defense.gov/news/Improving-Cybersecurity-and-Resilience- Through- Acquisition.pdf. Copyright of Journal of Internet Law is the property of Aspen Publishers Inc. and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. Personality Theory Paper PSYCH/645 Version 2 1 University of Phoenix Material
Personality Theory Paper Select a fictional character from history, television, or film. Prior approval from the instructor of your chosen character is required. Film selections may include: · The Blind Side · Rudy · A Beautiful Mind · Pursuit of Happy-ness · Fearless · The Fisher King · Fatal Attraction · What about Bob? · Girl Interrupted Write a 1,050- to 1,400-word paper in which you analyze your chosen character’s personality using one theorist or theory from each of the following columns: Column A Column B Column C Jung Allport Five-factor model Adler Cattell Object relations Freud
Kelly Maslow Horney Ellis Sullivan Search the University Library, the Theory Tables Learning Team Assignment, and other resources for information on each of the theorists or theories you selected. Describe the connection between the character’s personality and the theory used to explain it using relevant information such as direct quotes, descriptions of life events, examples of interpersonal behavior, and so on. Include the following in your paper: · A short introduction outlining the demographic and background information of the chosen character · An evaluation of how each of the chosen personality theorists or theories explains the personality of the chosen character · A discussion of how the selected character’s behavior might be interpreted differently, depending on which theoretical approach is used · A discussion of the extent to which each chosen theorist or theory would address relevant social, cultural, environmental, biological, or unconscious factors that may be influencing the character’s behavior Format your paper consistent with APA guidelines.
D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T

Recommended

Project 7 - Organization Security PlanChoose an organization fro.docx
Project 7 - Organization Security PlanChoose an organization fro.docxProject 7 - Organization Security PlanChoose an organization fro.docx
Project 7 - Organization Security PlanChoose an organization fro.docxanitramcroberts
 
NIST to CSF to ISO or EC 27002 2022 with NIST
NIST to CSF to ISO or EC 27002 2022 with NISTNIST to CSF to ISO or EC 27002 2022 with NIST
NIST to CSF to ISO or EC 27002 2022 with NISTebonyman0007
 
Improving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity FrameworkImproving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity FrameworkWilliam McBorrough
 
Project 7 Organization Security PlanChoose an organization from.docx
Project 7 Organization Security PlanChoose an organization from.docxProject 7 Organization Security PlanChoose an organization from.docx
Project 7 Organization Security PlanChoose an organization from.docxwkyra78
 
Five steps to achieve success with application security
Five steps to achieve success with application securityFive steps to achieve success with application security
Five steps to achieve success with application securityIBM Security
 
ISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docxISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docxchristiandean12115
 
RH-ISAC_BuildingtheFoundation_WhitePaper.pdf
RH-ISAC_BuildingtheFoundation_WhitePaper.pdfRH-ISAC_BuildingtheFoundation_WhitePaper.pdf
RH-ISAC_BuildingtheFoundation_WhitePaper.pdfssuser2209e8
 
The Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentThe Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentBradley Susser
 

Recommended

Project 7 - Organization Security PlanChoose an organization fro.docx
Project 7 - Organization Security PlanChoose an organization fro.docxProject 7 - Organization Security PlanChoose an organization fro.docx
Project 7 - Organization Security PlanChoose an organization fro.docxanitramcroberts
 
NIST to CSF to ISO or EC 27002 2022 with NIST
NIST to CSF to ISO or EC 27002 2022 with NISTNIST to CSF to ISO or EC 27002 2022 with NIST
NIST to CSF to ISO or EC 27002 2022 with NISTebonyman0007
 
Improving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity FrameworkImproving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity FrameworkWilliam McBorrough
 
Project 7 Organization Security PlanChoose an organization from.docx
Project 7 Organization Security PlanChoose an organization from.docxProject 7 Organization Security PlanChoose an organization from.docx
Project 7 Organization Security PlanChoose an organization from.docxwkyra78
 
Five steps to achieve success with application security
Five steps to achieve success with application securityFive steps to achieve success with application security
Five steps to achieve success with application securityIBM Security
 
ISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docxISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docxchristiandean12115
 
RH-ISAC_BuildingtheFoundation_WhitePaper.pdf
RH-ISAC_BuildingtheFoundation_WhitePaper.pdfRH-ISAC_BuildingtheFoundation_WhitePaper.pdf
RH-ISAC_BuildingtheFoundation_WhitePaper.pdfssuser2209e8
 
The Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentThe Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentBradley Susser
 
Cyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadCyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadsavassociates1
 
Weakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainWeakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainSanjay Chadha, CPA, CA
 
Hp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperHp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperrickkaun
 
Discussion 1Recommend three countermeasures that could enhance.docx
Discussion 1Recommend three countermeasures that could enhance.docxDiscussion 1Recommend three countermeasures that could enhance.docx
Discussion 1Recommend three countermeasures that could enhance.docxelinoraudley582231
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guideSergey Erohin
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guideSergey Erohin
 
Ffiec cat may_2017
Ffiec cat may_2017Ffiec cat may_2017
Ffiec cat may_2017Josef Sulca Cueva
 
Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsKen M. Shaurette
 
Information Security Maturity Model
Information Security Maturity ModelInformation Security Maturity Model
Information Security Maturity ModelCSCJournals
 
Module 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdfModule 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdfHumphrey Humphrey
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security StrategyAndrew Byers
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
State of Security Operations 2016
State of Security Operations 2016State of Security Operations 2016
State of Security Operations 2016Tim Grieveson
 
Emerging Need of a Chief Information Security Officer (CISO)
Emerging Need of a Chief Information Security Officer (CISO)Emerging Need of a Chief Information Security Officer (CISO)
Emerging Need of a Chief Information Security Officer (CISO)Maurice Dawson
 
Secure Software Development Life Cycle
Secure Software Development Life CycleSecure Software Development Life Cycle
Secure Software Development Life CycleMaurice Dawson
 
All About Cybersecurity Frameworks.pdf
All About Cybersecurity Frameworks.pdfAll About Cybersecurity Frameworks.pdf
All About Cybersecurity Frameworks.pdfMetaorange
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITYharsh arora
 
All About Cybersecurity Frameworks.pptx
All About Cybersecurity Frameworks.pptxAll About Cybersecurity Frameworks.pptx
All About Cybersecurity Frameworks.pptxMetaorange
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
800-37.pptx
800-37.pptx800-37.pptx
800-37.pptxAvniJain836319
 
this assignment is about Mesopotamia and Egypt. Some of these cu.docx
this assignment is about Mesopotamia and Egypt. Some of these cu.docxthis assignment is about Mesopotamia and Egypt. Some of these cu.docx
this assignment is about Mesopotamia and Egypt. Some of these cu.docxOllieShoresna
 
This assignment has two goals 1) have students increase their under.docx
This assignment has two goals 1) have students increase their under.docxThis assignment has two goals 1) have students increase their under.docx
This assignment has two goals 1) have students increase their under.docxOllieShoresna
 

More Related Content

Similar to D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T

Cyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadCyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadsavassociates1
 
Weakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainWeakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainSanjay Chadha, CPA, CA
 
Hp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperHp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperrickkaun
 
Discussion 1Recommend three countermeasures that could enhance.docx
Discussion 1Recommend three countermeasures that could enhance.docxDiscussion 1Recommend three countermeasures that could enhance.docx
Discussion 1Recommend three countermeasures that could enhance.docxelinoraudley582231
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guideSergey Erohin
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guideSergey Erohin
 
Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsKen M. Shaurette
 
Information Security Maturity Model
Information Security Maturity ModelInformation Security Maturity Model
Information Security Maturity ModelCSCJournals
 
Module 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdfModule 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdfHumphrey Humphrey
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security StrategyAndrew Byers
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
State of Security Operations 2016
State of Security Operations 2016State of Security Operations 2016
State of Security Operations 2016Tim Grieveson
 
Emerging Need of a Chief Information Security Officer (CISO)
Emerging Need of a Chief Information Security Officer (CISO)Emerging Need of a Chief Information Security Officer (CISO)
Emerging Need of a Chief Information Security Officer (CISO)Maurice Dawson
 
Secure Software Development Life Cycle
Secure Software Development Life CycleSecure Software Development Life Cycle
Secure Software Development Life CycleMaurice Dawson
 
All About Cybersecurity Frameworks.pdf
All About Cybersecurity Frameworks.pdfAll About Cybersecurity Frameworks.pdf
All About Cybersecurity Frameworks.pdfMetaorange
 
All About Cybersecurity Frameworks.pptx
All About Cybersecurity Frameworks.pptxAll About Cybersecurity Frameworks.pptx
All About Cybersecurity Frameworks.pptxMetaorange
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 

Similar to D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T (20)

Cyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadCyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor upload
 
Weakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainWeakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chain
 
Hp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperHp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaper
 
Discussion 1Recommend three countermeasures that could enhance.docx
Discussion 1Recommend three countermeasures that could enhance.docxDiscussion 1Recommend three countermeasures that could enhance.docx
Discussion 1Recommend three countermeasures that could enhance.docx
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guide
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guide
 
Ffiec cat may_2017
Ffiec cat may_2017Ffiec cat may_2017
Ffiec cat may_2017
 
Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessments
 
Information Security Maturity Model
Information Security Maturity ModelInformation Security Maturity Model
Information Security Maturity Model
 
Module 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdfModule 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdf
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security Strategy
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...
 
State of Security Operations 2016
State of Security Operations 2016State of Security Operations 2016
State of Security Operations 2016
 
Emerging Need of a Chief Information Security Officer (CISO)
Emerging Need of a Chief Information Security Officer (CISO)Emerging Need of a Chief Information Security Officer (CISO)
Emerging Need of a Chief Information Security Officer (CISO)
 
Secure Software Development Life Cycle
Secure Software Development Life CycleSecure Software Development Life Cycle
Secure Software Development Life Cycle
 
All About Cybersecurity Frameworks.pdf
All About Cybersecurity Frameworks.pdfAll About Cybersecurity Frameworks.pdf
All About Cybersecurity Frameworks.pdf
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
All About Cybersecurity Frameworks.pptx
All About Cybersecurity Frameworks.pptxAll About Cybersecurity Frameworks.pptx
All About Cybersecurity Frameworks.pptx
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
 
800-37.pptx
800-37.pptx800-37.pptx
800-37.pptx
 

More from OllieShoresna

this assignment is about Mesopotamia and Egypt. Some of these cu.docx
this assignment is about Mesopotamia and Egypt. Some of these cu.docxthis assignment is about Mesopotamia and Egypt. Some of these cu.docx
this assignment is about Mesopotamia and Egypt. Some of these cu.docxOllieShoresna
 
This assignment has two goals 1) have students increase their under.docx
This assignment has two goals 1) have students increase their under.docxThis assignment has two goals 1) have students increase their under.docx
This assignment has two goals 1) have students increase their under.docxOllieShoresna
 
This assignment has two parts 1 paragraph per questionIn wh.docx
This assignment has two parts 1 paragraph per questionIn wh.docxThis assignment has two parts 1 paragraph per questionIn wh.docx
This assignment has two parts 1 paragraph per questionIn wh.docxOllieShoresna
 
This assignment is a minimum of 100 word all parts of each querstion.docx
This assignment is a minimum of 100 word all parts of each querstion.docxThis assignment is a minimum of 100 word all parts of each querstion.docx
This assignment is a minimum of 100 word all parts of each querstion.docxOllieShoresna
 
This assignment has three elements a traditional combination format.docx
This assignment has three elements a traditional combination format.docxThis assignment has three elements a traditional combination format.docx
This assignment has three elements a traditional combination format.docxOllieShoresna
 
This assignment has four partsWhat changes in business software p.docx
This assignment has four partsWhat changes in business software p.docxThis assignment has four partsWhat changes in business software p.docx
This assignment has four partsWhat changes in business software p.docxOllieShoresna
 
This assignment consists of two partsthe core evaluation, a.docx
This assignment consists of two partsthe core evaluation, a.docxThis assignment consists of two partsthe core evaluation, a.docx
This assignment consists of two partsthe core evaluation, a.docxOllieShoresna
 
This assignment asks you to analyze a significant textual elemen.docx
This assignment asks you to analyze a significant textual elemen.docxThis assignment asks you to analyze a significant textual elemen.docx
This assignment asks you to analyze a significant textual elemen.docxOllieShoresna
 
This assignment allows you to learn more about one key person in Jew.docx
This assignment allows you to learn more about one key person in Jew.docxThis assignment allows you to learn more about one key person in Jew.docx
This assignment allows you to learn more about one key person in Jew.docxOllieShoresna
 
This assignment allows you to explore the effects of social influe.docx
This assignment allows you to explore the effects of social influe.docxThis assignment allows you to explore the effects of social influe.docx
This assignment allows you to explore the effects of social influe.docxOllieShoresna
 
This assignment addresses pretrial procedures that occur prior to th.docx
This assignment addresses pretrial procedures that occur prior to th.docxThis assignment addresses pretrial procedures that occur prior to th.docx
This assignment addresses pretrial procedures that occur prior to th.docxOllieShoresna
 
This assignment allows you to learn more about one key person in J.docx
This assignment allows you to learn more about one key person in J.docxThis assignment allows you to learn more about one key person in J.docx
This assignment allows you to learn more about one key person in J.docxOllieShoresna
 
This assignment allows you to explore the effects of social infl.docx
This assignment allows you to explore the effects of social infl.docxThis assignment allows you to explore the effects of social infl.docx
This assignment allows you to explore the effects of social infl.docxOllieShoresna
 
this about communication please i eant you answer this question.docx
this about communication please i eant you answer this question.docxthis about communication please i eant you answer this question.docx
this about communication please i eant you answer this question.docxOllieShoresna
 
Think of a time when a company did not process an order or perform a.docx
Think of a time when a company did not process an order or perform a.docxThink of a time when a company did not process an order or perform a.docx
Think of a time when a company did not process an order or perform a.docxOllieShoresna
 
Think_Vision W5- Importance of VaccinationImportance of Vaccinatio.docx
Think_Vision W5- Importance of VaccinationImportance of Vaccinatio.docxThink_Vision W5- Importance of VaccinationImportance of Vaccinatio.docx
Think_Vision W5- Importance of VaccinationImportance of Vaccinatio.docxOllieShoresna
 
Thinks for both only 50 words as much for each one1-xxxxd, unf.docx
Thinks for both only 50 words as much for each one1-xxxxd, unf.docxThinks for both only 50 words as much for each one1-xxxxd, unf.docx
Thinks for both only 50 words as much for each one1-xxxxd, unf.docxOllieShoresna
 
Think of a specific change you would like to bring to your organizat.docx
Think of a specific change you would like to bring to your organizat.docxThink of a specific change you would like to bring to your organizat.docx
Think of a specific change you would like to bring to your organizat.docxOllieShoresna
 
Think of a possible change initiative in your selected organization..docx
Think of a possible change initiative in your selected organization..docxThink of a possible change initiative in your selected organization..docx
Think of a possible change initiative in your selected organization..docxOllieShoresna
 
Thinking About Research PaperConsider the research question and .docx
Thinking About Research PaperConsider the research question and .docxThinking About Research PaperConsider the research question and .docx
Thinking About Research PaperConsider the research question and .docxOllieShoresna
 

More from OllieShoresna (20)

this assignment is about Mesopotamia and Egypt. Some of these cu.docx
this assignment is about Mesopotamia and Egypt. Some of these cu.docxthis assignment is about Mesopotamia and Egypt. Some of these cu.docx
this assignment is about Mesopotamia and Egypt. Some of these cu.docx
 
This assignment has two goals 1) have students increase their under.docx
This assignment has two goals 1) have students increase their under.docxThis assignment has two goals 1) have students increase their under.docx
This assignment has two goals 1) have students increase their under.docx
 
This assignment has two parts 1 paragraph per questionIn wh.docx
This assignment has two parts 1 paragraph per questionIn wh.docxThis assignment has two parts 1 paragraph per questionIn wh.docx
This assignment has two parts 1 paragraph per questionIn wh.docx
 
This assignment is a minimum of 100 word all parts of each querstion.docx
This assignment is a minimum of 100 word all parts of each querstion.docxThis assignment is a minimum of 100 word all parts of each querstion.docx
This assignment is a minimum of 100 word all parts of each querstion.docx
 
This assignment has three elements a traditional combination format.docx
This assignment has three elements a traditional combination format.docxThis assignment has three elements a traditional combination format.docx
This assignment has three elements a traditional combination format.docx
 
This assignment has four partsWhat changes in business software p.docx
This assignment has four partsWhat changes in business software p.docxThis assignment has four partsWhat changes in business software p.docx
This assignment has four partsWhat changes in business software p.docx
 
This assignment consists of two partsthe core evaluation, a.docx
This assignment consists of two partsthe core evaluation, a.docxThis assignment consists of two partsthe core evaluation, a.docx
This assignment consists of two partsthe core evaluation, a.docx
 
This assignment asks you to analyze a significant textual elemen.docx
This assignment asks you to analyze a significant textual elemen.docxThis assignment asks you to analyze a significant textual elemen.docx
This assignment asks you to analyze a significant textual elemen.docx
 
This assignment allows you to learn more about one key person in Jew.docx
This assignment allows you to learn more about one key person in Jew.docxThis assignment allows you to learn more about one key person in Jew.docx
This assignment allows you to learn more about one key person in Jew.docx
 
This assignment allows you to explore the effects of social influe.docx
This assignment allows you to explore the effects of social influe.docxThis assignment allows you to explore the effects of social influe.docx
This assignment allows you to explore the effects of social influe.docx
 
This assignment addresses pretrial procedures that occur prior to th.docx
This assignment addresses pretrial procedures that occur prior to th.docxThis assignment addresses pretrial procedures that occur prior to th.docx
This assignment addresses pretrial procedures that occur prior to th.docx
 
This assignment allows you to learn more about one key person in J.docx
This assignment allows you to learn more about one key person in J.docxThis assignment allows you to learn more about one key person in J.docx
This assignment allows you to learn more about one key person in J.docx
 
This assignment allows you to explore the effects of social infl.docx
This assignment allows you to explore the effects of social infl.docxThis assignment allows you to explore the effects of social infl.docx
This assignment allows you to explore the effects of social infl.docx
 
this about communication please i eant you answer this question.docx
this about communication please i eant you answer this question.docxthis about communication please i eant you answer this question.docx
this about communication please i eant you answer this question.docx
 
Think of a time when a company did not process an order or perform a.docx
Think of a time when a company did not process an order or perform a.docxThink of a time when a company did not process an order or perform a.docx
Think of a time when a company did not process an order or perform a.docx
 
Think_Vision W5- Importance of VaccinationImportance of Vaccinatio.docx
Think_Vision W5- Importance of VaccinationImportance of Vaccinatio.docxThink_Vision W5- Importance of VaccinationImportance of Vaccinatio.docx
Think_Vision W5- Importance of VaccinationImportance of Vaccinatio.docx
 
Thinks for both only 50 words as much for each one1-xxxxd, unf.docx
Thinks for both only 50 words as much for each one1-xxxxd, unf.docxThinks for both only 50 words as much for each one1-xxxxd, unf.docx
Thinks for both only 50 words as much for each one1-xxxxd, unf.docx
 
Think of a specific change you would like to bring to your organizat.docx
Think of a specific change you would like to bring to your organizat.docxThink of a specific change you would like to bring to your organizat.docx
Think of a specific change you would like to bring to your organizat.docx
 
Think of a possible change initiative in your selected organization..docx
Think of a possible change initiative in your selected organization..docxThink of a possible change initiative in your selected organization..docx
Think of a possible change initiative in your selected organization..docx
 
Thinking About Research PaperConsider the research question and .docx
Thinking About Research PaperConsider the research question and .docxThinking About Research PaperConsider the research question and .docx
Thinking About Research PaperConsider the research question and .docx
 

Recently uploaded

How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSCeline George
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...Nguyen Thanh Tu Collection
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxDr. Sarita Anand
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Pooja Bhuva
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfDr Vijay Vishwakarma
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxPooja Bhuva
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17Celine George
 
21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptx21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptxJoelynRubio1
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxPooja Bhuva
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomPooky Knightsmith
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Pooja Bhuva
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxPooja Bhuva
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024Elizabeth Walsh
 
Plant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxPlant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxUmeshTimilsina1
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxJisc
 

Recently uploaded (20)

How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptx21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptx
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Plant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxPlant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptx
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 

D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T

  • 1. D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T L A W 3 The NIST Cybersecurity Framework: Overview and Potential Impacts By Lei Shen W ith the recent and increasing number of high- profile data breaches, businesses are becoming increasingly concerned about cybersecurity. Such data breaches have cost the affected companies millions of dollars due to liability, lawsuits, reduced earnings, decreased consumer trust, and falling stock prices, while putting consumers at risk. Even though the recent attacks have targeted consumer data, such attacks may have even greater impact when targeted at the nation’s critical infrastructure. The White House acknowledged this when it issued Executive Order 13636,1 which required the National Institute of Standards and Technology (NIST), a non-regulatory agency of the Department of Commerce, to develop a “cybersecurity framework” to help regulators and indus- try participants identify and mitigate cyber risks that
  • 2. potentially could affect national and economic security. To develop the framework and gain an under- standing of the current cybersecurity landscape, NIST consulted hundreds of security professionals in the industry. It held a number of workshops that were attended by many participants from the private sec- tor, and it reviewed numerous comments to the drafts of the proposed framework that it posted for review.2 More than 3,000 individuals and organizations con- tributed to the framework.3 On February 12, 2014, NIST released its final cybersecurity framework, titled “Framework for Improving Critical Infrastructure Cybersecurity” (hereinafter Framework).4 Through the collaborative public-private partnership, the resulting Framework adopts industry standards and best practices to provide a set of voluntary, risk-based measures that can be used by organizations to address their cybersecurity risk. Although the goal of the Framework is to better protect critical infrastructure,5 such as banks and utili- ties, from cyber attacks, the Framework is a flexible and technology-neutral document that can be used by organizations of any size, sophistication level, or degree of cyber risk. Organizations can use the Framework as a guideline to assess their existing cybersecurity program or to build one from scratch, set goals for cybersecurity that are in sync with their business environment, pri- oritize opportunities for improvement, or establish a plan for improving or maintaining their cybersecurity. The Framework also is a valuable tool to help executives understand their company’s security prac- tices. Executives may use the Framework to see how
  • 3. their company’s cybersecurity practices measure up to the Framework’s standards, understand where the company’s vulnerabilities lie, and determine if they are doing enough. While the Framework is voluntary and may be criticized as being little more than a compilation of established industry security practices, the Framework nevertheless will likely become an influential bench- mark for assessing an organization’s cybersecurity. This article provides an overview of the NIST Framework and an analysis of its potential impact on businesses. S U M M A RY O F N I S T C Y B E R S E C U R I T Y F R A M E WO R K The Framework is made up of three compo- nents: (1) the Framework Core, (2) Profiles, and Lei Shen is a senior associate in the Privacy & Security and Business & Technology Sourcing practice groups at Mayer Brown in Chicago, IL. She focuses her practice on privacy and security, technology and business process outsourcing, and information technology transactions. Ms. Shen has passed the Certified Information Privacy Professional/United States (CIPP/US) certification exam offered by the International Association of Privacy Professionals (IAPP). She co-chairs the editorial team for both the Mayer Brown Privacy Post newsletter and the Mayer Brown Business & Technology Sourcing Review newsletter. Lei joined Mayer Brown in 2006.
  • 4. J O U R N A L O F I N T E R N E T L A W D e c e m b e r 2 0 1 4 4 (3) Tiers. Organizations can use these three compo- nents together to conduct a comprehensive review of their cybersecurity program. FRAMEWORK CORE The main component of the Framework is the Framework Core (hereinafter Core). The Core pres- ents a variety of cybersecurity-related activities and outcomes that can be found in a cybersecurity pro- gram, such as the performance of vulnerability scans and the detection of malicious code. The activities and outcomes are organized into five main groups or “Functions”: (1) Identify, (2) Protect, (3) Detect, (4) Respond, and (5) Recover. Each Function is divided into “Categories” and “Subcategories” of cyber - security activities and outcomes. Those Categories and Subcategories point to specific industry-accepted standards and guidelines (e.g., COBIT 5, ISO 27001) that provide more in-depth instruction on how to achieve each specific activity or outcome. For example, if an organization is concerned about its incident response plan, it can look within the “Respond” Function. The Respond Function is divided into five Categories: (1) Response Planning, (2) Communications, (3) Analysis, (4) Mitigation, and (5) Improvements. Each of those Categories is broken
  • 5. down into various Subcategories of cybersecurity activ- ities. For example, the “Response Planning” Category has one Subcategory (i.e., “Response plan is executed during or after an event”), while the “Improvements” Category has two Subcategories (i.e., “Response plans incorporate lessons learned” and “Response strategies are updated”). Each of the Subcategories then refer- ences related resources, or “Informative References,” that are industry standards and guidelines that provide more detail on how to complete each activity. An organization that uses the Framework need not include all of the Core activities in its cybersecu- rity program, but rather can choose only those activi- ties that are applicable to it. PROFILES The Framework Profiles (hereinafter Profiles), which can be used in conjunction with the Core, provide a summary of an organization’s cybersecurity program and can be used to align an organization’s cybersecurity activities (such as those found within the Framework Core) with its business requirements, risk tolerances, and organizational resources. Organizations can perform a self-assessment to develop a “Current Profile” and a “Target Profile.” An organization’s “Current Profile” provides a view of the current state of its cybersecurity program (i.e., those elements of the Framework Core that it is currently achieving), while an organization’s “Target Profile” identifies a target or goal state (i.e., those elements of the Framework Core that it desires to achieve). After establishing its Current and Target Profiles, an organization can iden- tify gaps between the two and establish a road map
  • 6. for areas that the organization needs to strengthen in order to progress toward its target state. To allow for flexibility in implementation, the Framework does not provide a template for creating Profiles. TIERS The Implementation Tiers (Tiers), which are separate from the Core, may be used by organizations to self-rank their cybersecurity risk management practices. There are four Tiers available, ranging from Tier 1 (Partial) to Tier 4 (Adaptive). Each Tier refers to an increasing level of rigor and sophistication in an organization’s cybersecurity practices. The lowest Tier is Tier 1 (Partial), which is char- acterized as an organization not having “formalized” risk management practices and having little aware- ness of cybersecurity risks. Tier 4 (Adaptive), on the other hand, describes organizations that can adapt “cybersecurity practices based on lessons learned and predictive indicators derived from previous and cur- rent cybersecurity activities,” are generally aware of cybersecurity risks, and have an organization-wide approach to managing such risks. After organizations have identified where they stand in the four-Tier structure, they can deter- mine whether they should consider investing addi- tional resources to move to a more rigorous Tier. While organizations identified as Tier 1 (Partial) are encouraged to move toward a higher Tier, those organizations that already are higher Tiered may not need to move to a higher level. NIST cautions that progression to higher Tiers is encouraged when such a change is cost-effective and enhances cybersecurity.
  • 7. D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T L A W 5 For example, it may not be cost-effective for a Tier 3 organization to become a Tier 4 organization if the increased protection it receives is relatively small compared to the cost to reach that additional level. H OW TO U S E T H E F R A M E WO R K NIST identifies four different ways that organiza- tions can use the Framework. 1. Basic Review of Cybersecurity Practices— Organizations can use the Framework to compare their current cybersecurity activities with those outlined in the Core to find out in which areas they are achieving the outcomes described in the Core and in which areas they may want to improve. 2. Establishing or Improving a Cybersecurity Program—The Framework lists steps that an organi- zation can follow (such as creating a Current Profile and creating a Target Profile) to create a new cyber- security program or to improve an existing one. 3. Communicating Cybersecurity Requirements with Stakeholders—Because the Framework establishes a common language to communicate cybersecurity requirements, an organization can use the Framework to communicate the organi-
  • 8. zation’s cybersecurity requirements to its various stakeholders (e.g., service providers). 4. Identifying Opportunities for New or Revised Informative References—Organizations also can use the Framework to identify opportunities to revise or create new standards, guidelines, or practices. P OT E N T I A L I M PAC T O F T H E F R A M E WO R K While the Framework is strictly voluntary and NIST has no enforcement authority, companies are encouraged to use the Framework because of its potential significant impact on a company’s cyberse- curity practices, as described below. INCENTIVES While there are currently no incentives set for using the Framework, the White House has released a list of eight potential incentives that it is proposing to encourage adoption of the Framework.6 Examples of such incentives include risk-based pricing for cybersecurity insurance and liability limitations (such as limited indemnity or lower burdens of proof) for organizations that adopt the Framework. Some incentives, such as limiting liability or providing a safe harbor for companies that adopt the Framework, may require federal legislation, but others, such as the awarding of federal critical infrastructure grants, may make earlier adoption of the Framework very attrac- tive for some companies.
  • 9. LEGISLATION Congress and federal regulatory agencies may use the Framework as a basis for new legislation and regulations. Congress may also turn to legislation if it perceives that an insufficient number of organizations are voluntarily adopting the Framework and may make the Framework mandatory for critical infra- structure operators. CONTRACTORS As critical infrastructure companies begin adopt- ing the Framework standards, the companies will likely start requiring their suppliers to use and abide by the Framework as well. Likewise, those suppliers will in turn require their own providers to abide by the Framework. This domino effect could dramati- cally increase usage in many industries and result in industries where adoption of the Framework is required by default in order to land a contract. For example, the Department of Defense has published a report that recommends the government “institute baseline cybersecurity requirements as a condition of contract award for appropriate acquisitions.”7 INSURANCE The Framework’s standards may shape how insur- ance carriers view data breaches. Insurance carriers may begin using the Framework as a baseline standard or benchmark in insurance contracts and may start tying a company’s cybersecurity Profile to its insurance rates.
  • 10. J O U R N A L O F I N T E R N E T L A W D e c e m b e r 2 0 1 4 6 LITIGATION Without cybersecurity legislation in place, the Framework could effectively become the de facto standard for an organization’s cybersecurity efforts. Litigants, such as class action plaintiffs and even shareholders, may start using the Framework’s stan- dards as a reasonableness measure in cybersecurity litigation, and may assert that the Framework estab- lishes a standard of care that companies are obligated to follow. In light of the US Security and Exchange Commission’s (SEC) increasing emphasis on the appropriate disclosure of cyber risks, plaintiffs may bring securities class action litigation alleging material omissions or misrepresentations of a company’s cyber risks based on the Framework. Enforcement actions by state attorneys general and regulators, such as the SEC and the Federal Trade Commission (FTC), may rely on a similar argument. In FTC v. Wyndham Worldwide Corporation, for example, counsel for Wynd ham already have cited the Framework as a potential guide as to what constitutes reasonable data security. On the other hand, organizations at risk for cyber attacks may use their compliance with the Framework as a defense against litigation related to a data breach or other cyber incidents. In addition, proper attention to cybersecurity risk-factor disclosures may decrease the likelihood of a company facing securities class action litigation.
  • 11. While the Framework was not intended to be used as a prescriptive standard, organizations should be aware that the Framework may very well end up being used as such. F U T U R E O F T H E F R A M E WO R K The Framework is likely to evolve as cybersecu- rity threats and standards evolve. NIST has said that the Framework is not intended to be a static document but rather a “living document.” It named the version of the released Framework as “version 1.0” and issued a supplementary roadmap for future developments and recommendations. Such updates will help the Framework keep pace with changes in technology and threats, incorporate lessons learned from its use, and ensure that the standards address the needs of various sectors in a dynamic and challenging environment. C O N C L U S I O N The Framework is not intended to replace a company’s existing cybersecurity practices or to estab- lish prescriptive standards. Rather, the Framework provides a tool for organizations to use to assess themselves and to use as a baseline to measure their cybersecurity programs. It is a reference point for objective evaluations of an organization’s cyberse- curity programs and for identifying potential gaps in those programs. In view of some recent high-profile data breaches and the pervasiveness of cybersecurity incidents in general, companies should pay close attention to the NIST Framework. While the Framework will not be a panacea for security issues, it has the potential
  • 12. to have a significant impact in many industries, not just those industries that are related to critical infrastructure. N OT E S 1. Exec. Order No. 13636, Improving Critical Infrastructure Cybersecurity (Feb. 19, 2013), available at http://www.gpo.gov/ fdsys/pkg/FR-2013-02-19/pdf/2013-03915.pdf. 2. Prior drafts of the NIST Cybersecurity Framework are available at http://www.nist.gov/cyberframework/cybersecurity- framework- archived-documents.cfm. 3. “NIST Releases Preliminary Cybersecurity Framework, Will Seek Comments,” NIST.GOV (Oct. 22, 2013), available at http:// www.nist.gov/itl/cybersecurity-102213.cfm. (“Through a request for information and a series of workshops held throughout 2013, NIST engaged with more than 3,000 individuals and organiza- tions on standards, best practices and guidelines that can provide businesses, their suppliers, their customers, and government agencies with a shared set of expected protections for critical information and IT infrastructure.”) 4. NIST Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, NIST.GOV (Feb. 12, 2014), avail- able at http://www.nist.gov/cyberframework/upload/cybersecurity- framework-021214.pdf. 5. The Executive Order defines critical infrastructure as
  • 13. “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on the security, national economic security, national public health or safety, or any combi- nation of those matters.” 6. Michael Daniel, “Incentives to Support Adoption of the Cybersecurity Framework,” The White House Blog (Aug. 6, 2013), http://www.whitehouse.gov/blog/2013/08/06/ incentives-support-adoption-cybersecurity-framework. 7. Department of Defense and General Services Administration, “Improving Cybersecurity and Resilience through Acquisition,” Department of Defense (Nov. 2013), available at http://www. defense.gov/news/Improving-Cybersecurity-and-Resilience- Through- Acquisition.pdf. Copyright of Journal of Internet Law is the property of Aspen Publishers Inc. and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. Personality Theory Paper PSYCH/645 Version 2 1 University of Phoenix Material
  • 14. Personality Theory Paper Select a fictional character from history, television, or film. Prior approval from the instructor of your chosen character is required. Film selections may include: · The Blind Side · Rudy · A Beautiful Mind · Pursuit of Happy-ness · Fearless · The Fisher King · Fatal Attraction · What about Bob? · Girl Interrupted Write a 1,050- to 1,400-word paper in which you analyze your chosen character’s personality using one theorist or theory from each of the following columns: Column A Column B Column C Jung Allport Five-factor model Adler Cattell Object relations Freud
  • 15. Kelly Maslow Horney Ellis Sullivan Search the University Library, the Theory Tables Learning Team Assignment, and other resources for information on each of the theorists or theories you selected. Describe the connection between the character’s personality and the theory used to explain it using relevant information such as direct quotes, descriptions of life events, examples of interpersonal behavior, and so on. Include the following in your paper: · A short introduction outlining the demographic and background information of the chosen character · An evaluation of how each of the chosen personality theorists or theories explains the personality of the chosen character · A discussion of how the selected character’s behavior might be interpreted differently, depending on which theoretical approach is used · A discussion of the extent to which each chosen theorist or theory would address relevant social, cultural, environmental, biological, or unconscious factors that may be influencing the character’s behavior Format your paper consistent with APA guidelines.