After reading through the CyberSecurity Strategy and Implementation Plan (CSIP) I was impressed with its scope and relatively clear terminology, acronyms notwithstanding, and how it outlined federal strategy. I expect the timelines to be challenging, though. Working in a multi-national, Fortune 500 company, I know that if you don’t already have some information collected and… Continue reading CSIP Looks Good
Controls are logical mechanisms applied in an effort to reduce risk. This may feel vague because the term is primarily an abstract, logical entity that has specific implementations and humans like more concrete, implementable things. Architecturally these entities sit at the logical layer but have concrete instances that are implemented by contextualizing the qualities of… Continue reading What Are Controls (Safeguards)?