Hardening Targets: The NSA Guide to Defending Against Destructive Malware

June 1, 2015

Faced with the increasing threat of cyber attack, boards of directors and C-level executives of public and private companies alike are becoming increasingly aware of the need to establish and maintain strategies at the C-level for preventing, detecting, and containing cybersecurity threats. While high-level decision makers may not be directly involved with the day-to-day operations of their information technology or data assets, it is becoming increasingly clear that they must have at minimum a basic understanding of how company network systems susceptible to cyberattack are managed to fight cyberattacks. As Nick Milne-Home of the software lifecycle management firm 1E pointed out recently at the MIT Sloan CIO Symposium, "If you focus on security only, without systems management, it is like putting a state-of-the-art burglar alarm into your home while leaving the doors and windows open."

While federal policymakers have signaled deep concern about cybersecurity issues and the important role these issues play in the health of the nation's economy, Congress has not yet made any significant move to compel business practices in the area of cybersecurity. In lieu of legislation, several federal agencies have developed guidance as to what are considered "best practices" to reduce the risks associated with cybersecurity threats. However, much of the available guidance–for example, the February 2014 Cybersecurity Framework by the National Institute of Standards and Technology (NIST)–is aimed at IT experts, which makes it of limited use to audiences unfamiliar with technology industry jargon and other existing security standards that help to form the agency guidance.

Read more...

About Davis Graham & Stubbs LLP

Davis Graham & Stubbs LLP, one of the Rocky Mountain region’s preeminent law firms, serves clients nationally and internationally, with a strong focus on corporate finance and governance, mergers and acquisitions, natural resources, environmental law, real estate, and complex litigation. Our lawyers have extensive experience working with companies in the energy, mining, technology, hospitality, private equity, manufacturing, asset management, and aviation industries. As the exclusive member firm in Colorado for Lex Mundi, the world’s leading network of independent law firms, DGS has access to in-depth experience in 100+ countries worldwide.