While I was at the NIST CSF Workshop, something I learned about is the work being done by the Better Business Bureau on Cybersecurity, especially for small businesses. This is under the tagline of CYBER$3CUR1TY.
In June of 2015 the FFIEC (Federal Financial Institutions Examination Council) released the first version of their Cybersecurity Assessment Tool (CAT). The FFIEC, for those not aware, is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions and is made up of 6 different agencies.
The FFIEC already has a set of works called the IT Examination Handbooks, about a dozen, which help set down standards for IT in several areas. One of interest would be the Information Security one that was finally updated in 2016.
In May 2017, NIST hosted another Cybersecurity Workshop. This 2-day workshop was held as part of their process to update the Cybersecurity Framework. This process actually started a year ago when NIST had a request for comments on how the framework was used, followed by a workshop to review that input and see if there was a need for an update.
A big question was whether the update should be incremental (a version 1.1) or major (a version 2.0). The answer was more for an incremental update.
So this was followed by a draft v1.1 update at the end of 2016, followed by another request for comments on the draft, which led to this workshop to review the results and do further work to get to a finished v1.1.
A new, interesting board aimed at helping kids get into programming is the BBC micro:bit.
They have set up a Foundation to support this device, and they have a lot of information on their website.
You can purchase them from several sources. In the US, two sources are Adafruit and Sparkfun (see the website for a list of resellers worldwide). Both sell the board at about $15, though you can get a "kit" that includes a USB cable and a battery pack for a couple more bucks. Both sell an edge connector for the cards, but Sparkfun has one that allows for the board to be attached to a breadboard.
So by now hopefully most are aware of the recent Executive Order signed by President Trump. While not numbered, it came out May 11th, which was just before the planned NIST Cybersecurity Framework Workshop. Full title is "Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure".
So let's take a look at it.
It has 5 sections. Sections 4 and 5 we can basically overlook. Sec. 4 is Definitions, while Sec. 5 is General Provisions.