NIST：制定Cybersecurity的框架进行时

2013年7月1日，NIST针对其正在制定的网络空间安全框架提出了一个提纲征询意见。这个网络空间安全框架是今年2月份奥巴马签发的一个总统令的落地。

目前这个项目还处于初期。比较有意思的是NIST将网络空间安全分为了五个方面的功能，分别是：辨识、防御、检测、响应、修复。

•Know – Gaining the institutional understanding to identify what systems need to be protected,  assess priority in light of organizational mission, and manage processes to achieve cost  effective risk management goals 
•Prevent – Categories of management, technical , and operational activities that enable the organization to decide on the appropriate outcome-based actions to ensure adequate protection against threats to business systems that support critical infrastructure components.
•Detect – Activities that identify (through ongoing monitoring or other means of observation) the presence of undesirable cyber risk events, and the processes to assess the potential impact of those events.
•Respond – Specific risk management decisions and activities enacted based upon previously implemented planning (from the Prevent function) relative to estimated impact.

•Recover - Categories of management, technical, and operational activities that restore services that have previously been impaired through an undesirable cybersecurity risk event.

     本文转自叶蓬 51CTO博客，原文链接：http://blog.51cto.com/yepeng/1241770，如需转载请自行联系原作者