Former Washington Gov. Gary Locke is slated to be appointed Secretary of Commerce:
Experience in technology policy will also be important for the next commerce secretary, Cantwell said, since he will have to appoint the next director of the National Institute of Standards and Technology, oversee the U.S. Patent and Trademark Office, and provide leadership on issues like cybersecurity.
The National Institute of Standards and Technology (NIST) does important stuff — like set standards and prescriptions such as the new guide on maintaining data security while teleworking. This riveting 46 page how to is written in “broad language in order to be helpful to any group that engages in telework. (see NIST release)”
In the executive summary you will find the important steps any individual should take before connecting at home or at the local cafe.
- Before implementing any of the recommendations or suggestions in the guide, users should back up all data and verify the validity of the backups. Readers with little or no experience configuring personal computers, consumer devices, or home networks should seek assistance in applying the recommendations. Every telework device’s existing configuration and environment is unique, so changing its configuration could have unforeseen consequences, including loss of data and loss of device or application functionality.
- Before teleworking, users should understand not only their organization’s policies and requirements, but also appropriate ways of protecting the organization’s information that they may access.
- Teleworkers should ensure that all the devices on their wired and wireless home networks are properly secured, as well as the home networks themselves.
- Teleworkers who use their own desktop or laptop PCs for telework should secure their operating systems and primary applications.
- Teleworkers who use their own consumer devices for telework should secure them based on the security recommendations from the devices’ manufacturers.
- Teleworkers should consider the security state of a third-party device before using it for telework.
Each of the steps are reasonable — but who will invest the resources required to make those steps effective?
Standards are being published and have been published for some time. Yet, breaches continue to occur. So, is the current status of policy and policy outcomes optimal or do we need to create another paradigm for cybersecurity?