Show Notes:


Contact Me:

Twitter: @justinfimlaid


Hey Everyone – I’m starting to feel a little bad that the Government has been shut down for so long. I’ve hit the NIST site at least 10-15 times over the last couple weeks looking for a reference, only to be met by a “we’re closed” frowny face. Anyway – as soon as I recorded this the government opened up… figures. By the time this goes live NIST will be open again.

If you’re looking to build or enhance your security program, the NIST Cybersecurity Framework might be a good place to start.

I see a lot of companies looking to build their security or compliance programs around PCI-DSS, HIPAA, or FFIEC guidance, to name a few. It’s good guidance, but these regulations fail to recognize an organized security capability. Meaning – there’s no categorization that says if you do this group of security tasks you’ll be better protected, or if you focus on these groups of tasks you’ll be better positioned to recover from a cyber event.

The NIST Cybersecurity Framework is organized exactly that way. In the absence of any regulation or compliance requirement, this framework might provide a nice step into budget conversations or even into establishing a common way to talk about cybersecurity within your organization or institution.

To read more about the NIST Cybersecurity Framework, check out my post at NuHarbor Security.