Cybersecurity Risk Management - Cynthia Brumfield

Скачать книгу

      70  46

      71 47

      72  48

      73 49

      74 50

      75 51

      76  52

      77  53

      78  54

      79 55

      80  56

      81  57

      82  58

      83 59

      84  60

      85 61

      86  62

      87  63

      88  64

      89  65

      90  66

      91 67

      92 68

      93  69

      94 70

      95 71

      96  72

      97 73

      98  74

      99  75

      100  76

      101  77

      102  78

      103  79

      104  80

      105  81

      106  82

      107  83

      108 84

      109 85

      110  86

      111 87

      112 88

      113  89

      114  90

      115  91

      116  92

      117 93

      118 94

      119  95

      120  96

      121  97

      122  98

      123  99

      124  100

      125 101

      126  102

      127  103

      128 104

      129  105

      130  106

      131  107

      132  108

      133  109

      134  110

      135  111

      136  112

      137  113

      138  114

      139 115

      140  116

      141 117

      142 118

      143  119

      144  120

      145  121

      146 122

      147 123

      148 124

      149 125

      150 126

      151 127

      152 128

      153 129

      154 130

      155  131

      156 132

      157 133

      158 134

      159 135

      160 136

      161 137

      162 138

      163 139

      164 140

      165 141

      166 142

      As a professor who has developed cybersecurity education programs for industry, academia, and the government, I know first-hand how difficult it can be for even advanced IT professionals to grasp the complex concepts in cybersecurity. In my role as Executive Director of the Center for Information Assurance and Cybersecurity at the University of Washington in Seattle, among other positions I hold, I have seen even the best and brightest of the nation’s high-tech sector struggle when it comes to this still-new discipline. The difficulty is compounded by the varied missions that public, private, and academic organizations pursue.

      My center at the University of Washington is a Center of Academic Excellence in both Cybersecurity Education and Research, so designated by the National Security Agency and the Department of Homeland Security. This honor means that we are well placed to help bridge the cybersecurity communications gaps that exist across crucial sectors of society: government, industry, and academia.

      At the University of Washington, we take a pragmatic approach to equipping our students with the skills they need to enter the cybersecurity workforce. We emphasize critical thinking along with information management and technical skills so that we graduate ‘breach-ready’ students. Since there is no system that is 100% secure, we ingrain in our students the importance of having risk management tools in their toolkit, so they are equipped to make rational choices about what to protect and where to spend scarce cybersecurity dollars. We’ve found that the NIST Cybersecurity Framework is highly useful in conveying concepts in risk management.

      The Framework does not offer step-by-step instruction on installing a firewall, for example, nor does it recommend any specific technology for, say, managing patch updates. Instead, it offers a way to comprehensively manage cybersecurity risks by drawing on the best-of-breed conceptual thinking from other risk management frameworks, informed by prevailing standards. It teaches our students how to think about solving a cybersecurity problem and that there is no ‘one-size-fits-all’ solution.

Скачать книгу