Glossary
N
National Cybersecurity Protection Advancement Act
- Description: Enhances information sharing between the federal government and private sector to protect against cyber threats.
- Enacted and Enforced: Enacted in 2015, enforced by the Department of Homeland Security.
- Impacts Data Types: Threat indicators and cyber intelligence data.
- Examples: Sharing threat signatures with US-CERT.
- Potential Fines: No direct fines; supports compliance and risk reduction.
NIST Cybersecurity Framework
- Description: A voluntary framework for improving critical infrastructure cybersecurity using standards, guidelines, and best practices.
- Origin: Published in 2014 by NIST.
- Impacts Data Types: All enterprise and infrastructure data.
- Examples: Applying risk assessments and control mapping to business assets.
- Potential Fines: Indirect — failure to adopt may affect regulatory audits.
Network Segmentation
- Description: Dividing networks into sub-networks to improve performance and security.
- Origin: Used since the 1990s; formalized in security standards.
- Impacts Data Types: All internal and external network traffic.
- Examples: Isolating finance department systems from public Wi-Fi networks.
- Potential Fines: Indirect — improves compliance with PCI DSS, HIPAA, etc.