Richard Stiennon

Chief Research Analyst


Floundering Frameworks: NIST as a Case in Point

Posted on: 24 Oct 2013

Thanks to a directive from President Barak Obama, NIST has released its Preliminary Cybersecurity Framework for critical infrastructure. Like most security frameworks it is fatally flawed. The framework is poisoned with Risk Management thinking, a nebulous concept borrowed from the world of finance and actuarial tables that simply does not work for cyber security. The…