What do these two companies have in common? They were 2 of over 50 cyber attacks broadly reported within the last two weeks of December 2013. Cyber attacks have become an everyday reality which now drive home the importance of collaborative business and governmental action.
On February 2, 2013 President Obama issued executive order 13636 titled “Improving Critical Infrastructure Cybersecurity." An emphasis of the order was to establish a framework of a voluntary, risk-based best practices and standards.
On February 12, 2014 the National Institute of Standards and Technology (NIST) released the “Framework for Improving Critical Infrastructure Cybersecurity.” The framework communicates in common language how businesses can mitigate the effects of a cyber attack in an economically reasonable manner without the need for additional government intervention. The framework was written with the intent of being able to be adopted by all companies regardless of the current sophistication of their security processes.
The Framework consists of three parts:
- The Framework Core is a set of cybersecurity activities, outcomes, and informative references that are common across critical infrastructure sectors, providing the detailed guidance for developing individual organizational Profiles.
- Through use of the Profiles, the Framework will help the organization align its cybersecurity activities with its business requirements, risk tolerances, and resources.
- The Tiers provide a mechanism for organizations to view and understand the characteristics of their approach to managing cybersecurity risk.
Although not mandatory for the private sector at the current time, the government is encouraging companies to voluntarily participate in following the framework.
To assist in this, the Department of Homeland Security will be launching a volunteer program to provide companies of all sizes the basic principals which will allow them to be compliant with the framework.
Under U.S. Treasury Department guidelines, we hereby inform you that any tax advice contained in this communication is not intended or written to be used, and cannot be used by you for the purpose of avoiding penalties that may be imposed on you by the Internal Revenue Service, or for the purpose of promoting, marketing or recommending to another party any transaction or matter addressed within this tax advice. Further, RubinBrown LLP imposes no limitation on any recipient of this tax advice on the disclosure of the tax treatment or tax strategies or tax structuring described herein.
All E-Focus Newsletters Baker Tilly International