Cyber defense
, highlighting the standard dedicated to the “Cybersecurity Framework”65
Download 2.54 Mb. View original pdf
|
| 64 , highlighting the standard dedicated to the “Cybersecurity Framework” 65 that provides a common language for understanding, managing, and expressing cybersecurity risk to internal and external stakeholders it facilitates the identification and prioritization of actions to reduce cybersecurity risk and it aligns policy, business, and technological approaches to managing that risk. 655. Another NIST reference in cyber defense is the NICE 66 (National Initiative for Cybersecurity Education) framework, a joint initiative between the United States government, academia and private sector in order to stimulate and promote a cybersecurity education, training and education ecosystem. 656. The NIST standards, although they are federal standards of the United States, are, de facto, internationally accepted and reputable standards and have the advantage that they are freely accessible, which facilitates the work of standardization. In particular, cybersecurity standards standout for clarity, organizational order and the inclusion of online training. 657. The National Cryptography Center of Spain (CCN-CERT) has a complete set of information technology and telecommunications security guides (STIC guides 67 ), in Spanish, and many of them are freely accessible. In addition to the STIC guides, they have a quite complete set of STIC tools 68 and training 69 . The EAR/PILAR 70 tools are worth highlighting, for the analysis and risk management of an information system following the MAGERIT 71 methodology (official in Spain and NATO). 658. Other cybersecurity standards of fine repute are those developed by Germany’s Federal Office for Information Security (BSI) which can provide another useful vision. 72 GUÍA DE CIBERDEFENSA ORIENTACIONES PARA EL DISEÑO, PLANEAMIENTO, IMPLANTACIÓN Y DESARROLLO DE UNA CIBERDEFENSA MILITAR 92 |