Archive for the ‘Global Security Strategy and Diplomacy’ Category

Microsoft’s Perspective on the NIST Preliminary Cybersecurity Framework: Four Recommendations for the Final Stages of Development

December 19th, 2013 No comments

Last week, Microsoft filed comments with the National Institute of Standards and Technology (NIST) on the Preliminary Cybersecurity Framework, which can be read here.  I wanted to share a summary of our perspective on the Framework, as well as our recommendations to NIST as they continue development for final publication in February 2014.  These comments are a continuation of our efforts to encourage thoughtful consideration of the Framework through convening events at our Innovation and Policy Centerparticipating in NIST’s Framework workshops, and delivering prior comments on the Framework and recommendations for incentives for its adoption.  Read more

…(read more)

Maslow and Malware: Developing a Hierarchy of Needs for Cybersecurity

Posted by: Kevin Sullivan, Principal Security Strategist, Trustworthy Computing

The pervasive use of computing and the Internet means that cybersecurity is now a major concern for organizations around the world. In response, decision makers are developing plans that seek to ensure key assets, systems and networks remain protected in this new environment, while preserving the benefits that come with broad connectivity. However, these approaches vary considerably, according to the different needs and stages of development of individual countries. Read more

…(read more)

Microsoft hosts cybersecurity and privacy professionals for discussion about the Cybersecurity Framework

October 31st, 2013 No comments

Last week, Microsoft’s Innovation & Policy Center in Washington, D.C. convened a distinguished group of cybersecurity and privacy professionals from across industry sectors for a panel discussion about the forthcoming Cybersecurity Framework, expected from the National Institute of Standards and Technology (NIST) in February 2014, and its implications for critical infrastructure organizations. 

I was pleased to participate as a panelist alongside:

  • Mark Clancy, CISO of the Depository Trust and Clearing Corporation
  • Trevor Hughes, President and CEO of the International Association of Privacy Professionals
  • Mike Kuberski, Chief Information Security Officer of Pepco Holdings
  • Larry Trittschuh, Executive Director for Threat Management, General Electric
  • Fred Cate, Indiana University Maurer School of Law, who served as moderator

Read more

…(read more)

Advancing the Discussion on Cybersecurity Norms

Posted by Matt Thomlinson, general manager, Trustworthy Computing

Last week I participated in the Seoul Conference on Cyberspace 2013, where I spoke on a panel on capacity building, and also participated in the ICT4Peace Foundation’s special session at the conference.

During the capacity-building panel, I discussed how over the next six years, another two billion users will come online, basically doubling the Internet population.  The majority of these users will be from emerging economies, who will still be bringing large portions of their populations online.   But with the ability to realize the social and economic benefits of cyberspace also come a new challenge – cybersecurity is necessary to sustain confidence and growth. Read more

…(read more)