2013年7月1日,NIST针对其正在制定的网络空间安全框架提出了一个提纲征询意见。这个网络空间安全框架是今年2月份奥巴马签发的一个总统令的落地。
目前这个项目还处于初期。比较有意思的是NIST将网络空间安全分为了五个方面的功能,分别是:辨识、防御、检测、响应、修复。
•Know – Gaining the institutional understanding to identify what systems need to be protected, assess priority in light of organizational mission, and manage processes to achieve cost effective risk management goals•Prevent – Categories of management, technical , and operational activities that enable the organization to decide on the appropriate outcome-based actions to ensure adequate protection against threats to business systems that support critical infrastructure components.
•Detect – Activities that identify (through ongoing monitoring or other means of observation) the presence of undesirable cyber risk events, and the processes to assess the potential impact of those events.
•Respond – Specific risk management decisions and activities enacted based upon previously implemented planning (from the Prevent function) relative to estimated impact.
•Recover - Categories of management, technical, and operational activities that restore services that have previously been impaired through an undesirable cybersecurity risk event.
本文转自叶蓬 51CTO博客,原文链接:http://blog.51cto.com/yepeng/1241770,如需转载请自行联系原作者
