The following podcast contains advertising to access an ad-free version of the law

fair podcast become a material supporter of law fair at patreon.com slash law

fair. That's patreon.com slash law fair. Also check out law fair's other podcast

offerings, rational security, chatter, law fair no bull and the aftermath.

I think the reason this is promising has to do with those attributes, the fact that it's owned by the

stakeholders who have the most to gain by managing cyber risk that it can be aligned

with business practices and integrate with the other types of risk management the

organizations do and the fact that it is itself dynamic and adaptive to the

changing way of we will use this technology the way the technology itself is

but we've stated from the beginning that for this framework to make sense what we're

really talking about is kicking off a continuous process and so the finish line

here is not being done it's being normal where this is just part of the

breathing and operating that we do routinely and so what we're looking for is a

policy of operation at an end point. I'm Benjamin Wittes and this is the law

fair podcast February 21st 2014. That was Patrick D Gallagher under

secretary of commerce for standards and technology and the director of NIST

speaking this week about the just released NIST cybersecurity framework

document Gallagher was speaking at a Brookings event hosted by my colleague Ian

Wallace of the Brookings Center for 21st century security intelligence he was

joined on the panel by Cameron Kerry of visiting fellow at Brookings and

former senior commerce official and by Dean Garfield president of the

Information Technology Industry Council it was a wide ranging discussion of

...