The White House released a cybersecurity framework for critical infrastructure. The interesting part is that it is not based on a certification approach but on risk management. This is definitely the right mindset, as it allows companies to move away from compliance management to risk management. I am absolutely convinced that managing compliance has its advantages, but at the end of the day it does not help to achieve more security. It can help, and it can give you some understanding of whether you thought about everything, but it does not necessarily help you to increase your security.
Therefore, the framework is something to look at.