NIST：制定Cybersecurity的框架进行时-白红宇

2013年7月1日，NIST针对其正在制定的网络空间安全框架提出了一个征询意见。这个网络空间安全框架是今年2月份奥巴马签发的一个总统令的落地。

目前这个项目还处于初期。比较有意思的是NIST将网络空间安全分为了五个方面的功能，分别是：辨识、防御、检测、响应、修复。

•Know – Gaining the institutional understanding to identify what systems need to be protected, assess priority in light of organizational mission, and manage processes to achieve cost effective risk management goals

•Prevent – Categories of management, technical , and operational activities that enable the organization to decide on the appropriate outcome-based actions to ensure adequate protection against threats to business systems that support critical infrastructure components.

•Detect – Activities that identify (through ongoing monitoring or other means of observation) the presence of undesirable cyber risk events, and the processes to assess the potential impact of those events.

•Respond – Specific risk management decisions and activities enacted based upon previously implemented planning (from the Prevent function) relative to estimated impact.

•Recover - Categories of management, technical, and operational activities that restore services that have previously been impaired through an undesirable cybersecurity risk event.

本文转自叶蓬 51CTO博客，原文链接：http://blog.51cto.com/yepeng/1241770，如需转载请自行联系原作者