I can’t believe it was a year ago that I published the previous post in the Cybersecurity series! I have drafts to complete the series but became focused on building the solution DEFCON CYBER(tm). I’ll try to get the next part published in the next week.
To prepare for the next post I’ll give a preview. I have evolved my perspective of the NIST Framework Target Profile – think of it as an “Operational Risk Mitigation STRATEGY”. NIST has yet to take the step to concur that the Target Profile represents a strategy. In my next blog post, I’ll explain why it represents a strategy, and why this change in perspective is necessary for cybersecurity improvement and for making risk posture measurement possible. For now, I’ll just ask the question “What is it you need to DO WELL to protect your critical assets from your threats?”
Here are a couple of reference links that further describe the approach:
- Link to DEFCON CYBER(tm) White Paper from the NIST Cybersecurity Framework Industry Resources page (look for Rofori’s DEFCON CYBER in the “Tools that Incorporate Framework” section)
- Blog post “Demonstrably Improving Cybersecurity Risk Posture Can Increase a Financial Firm’s Competitive Advantage” written for the California Hedge Fund Association