Federal agency recommendations
As mentioned in Chapter 1, United States federal responsibility for cybersecurity – and data protection in particular – is, in some ways, fragmented between different agencies and the different states. This said, the National Institute for Standards and Technology (NIST) is leading the development of cybersecurity frameworks for different critical infrastructure sectors. This work stems from an Executive Order issued in 2013 that directed NIST to work with agencies and organizations to develop a (voluntary) cybersecurity framework, the aim of which is to reduce risks to critical infrastructure. NIST was directed to undertake this work because cyber threats pose a risk not just to national security but also to economic security.
In this section, we investigate the NIST Cybersecurity Framework and how we can apply it to the Mathaholics Moodle project.