Sorry, Jim. Thought I responded the other day, but I do not see it.
For me, it is easy to list my favorites. Finally, we have a documented strategy (aka doctrine) that takes a whole of Government approach recognizing the necessity for strong private/ public partnerships, including the shift in responsibility. It fills the regulatory gaps (with teeth) and handles all risk treatments across the life cycle. I also like the formal statement that the US will collaborate with our allies to craft an asymmetric response to cyber incidents (offensive cyber, diplomatic, economic, and kinetic).
There is very little new in the strategy. Its value is in elevating existing fragments, pulling them into a focused strategy, and filling in the gaps.
The National Cyber Strategy, combined with the proposed rule changes from the Securities and Exchange Commission (SEC) scheduled for next month, are shaping up to be the most significant regulatory shift since Sarbanes-Oxley.
My least favorite is a fact of life. A big chunk of the implementation requires legislation. Fingers crossed.
By the way, love the movie reference.
------------------------------
Alex Sharpe
Principal
Sharpe42
[email protected]Co-Chair Philosophy & Guiding Principles Working Group
Co-Chair Organizational Strategy & Governance Working Group
------------------------------
Original Message:
Sent: Mar 02, 2023 11:54:25 AM
From: Jim Reavis
Subject: National Cybersecurity Strategy Released!
Hi All, the new phonebook is here! I mean the National Cybersecurity Strategy is here! What is your favorite part? Least favorite? Other analysis?
Please read and comment below. No chatbot cheating.
https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf
------------------------------
Jim Reavis CCSK
Cloud Security Alliance
Bellingham WA
------------------------------