The Evolving Cybersecurity FrameworkAdam Sedgewick: An Early Assessment on the Framework
The cybersecurity framework, the package of best IT security practices issued in mid-February, isn't set in stone, but will evolve in the coming weeks, months and years, says the framework's point man, Adam Sedgewick.
In a video interview recorded at RSA 2014, Sedgewick:
- Explains the key elements of the cybersecurity framework, which is designed to help critical infrastructure operators safeguard their information assets;
- Addresses critics who say the framework is too simple to be effective and fails to address the costs to implement it; and
- Discusses how the cybersecurity framework will evolve from version 1 that was issued in mid-February (see NIST Releases Cybersecurity Framework).
Sedgewick is the senior IT adviser at the National Institute of Standards and Technology's Information Technology Laboratory, and represents NIST on the Department of Commerce Internet Policy Task Force. He also advises NIST leaders on cybersecurity. Previously, Sedgewick served as senior adviser to the Federal Chief Information Officer Council, coordinating cross-agency initiatives and assisting in the implementation of Office of Management and Budget policy and directives. For nine years, he served on the staff of the Senate Committee on Homeland Security and Governmental Affairs, handling cybersecurity and federal information technology policy.