The National Institute of Standards and Technology's framework of cybersecurity standards, released five years ago, helped power a cost-effective approach to cyber risk management at the Defense Department that aligns in many ways with how the framework is employed by the private sector, according to senior National Security Agency official Pat Arvidson. "How excited we are about the cybersecurity framework and what DOD has been able to do with the program," Arvidson said, offering a defense/national security take that complements...
