This article is the twelfth in our ongoing series exploring the NIST Cybersecurity Framework. 

When students and staff at the Coast Guard Academy needed their laptops and mobile phones repaired, they called Larry Mathews. For over a decade, Mathews owned the local computer repair shop. Then he pleaded guilty to computer intrusion.

Cybersecurity is a topic so broad that the NIST Framework addresses the concept of “Data Security” as just one of 22 important risk categories.

As part of our continuing series on the NIST Framework, we completed our review of the “Identify” category last month.  

The Food and Drug Administration (FDA) issued a new set of draft guidelines in hopes that medical device manufacturers not only address cybersecurity risks before they design products, but also during the maintenance of them.
 

The National Institute of Standards and Technology (NIST) is funding the development of a visualization tool that will show the demand for and availability of critical cybersecurity jobs across the nation.

Good governance should translate into your organization having high confidence that these four principles hold true.

This is the second in a recurring series that explores the cybersecurity principles and best practices found within the National Institute of Standards & Technology Cybersecurity Framework. You may recall from last month’s column that NIST organizes cybersecurity risk management into five high-level functions: Identify, Protect, Detect, Respond and Recover.

This is the first in a recurring series that explores the functions, categories and subcategories of the National Institute of Standards & Technology (NIST) cybersecurity framework.