NIST Framework

Before the invention, or application, of the open computer network, there was little need to concern yourself with cybersecurity; in a closed system there is a very small chance of needing a secure network. These days you cannot go very far without running into cybersecurity threats, from Russian botnets to Chinese cyber spies, so you cannot run a computer system without some measure of security. As with most things, a step-by-step approach to security is a great way to fight possible intrusions. This document offers a basic understanding of cyber terms and ideas while presenting steps to stop these events from happening.

Section 1.

In this section we are introduced to the concepts and terms of cybersecurity. For anyone who is new to this, it provides good insight into the processes behind the topic of the paper. More than that, the first section is a good starting point for reading the paper, simply because it offers appendices.

Section 2.

This section is of more use to companies and professionals. First the paper goes over the steps in responding to a cyber attack. This is a good set of information because it breaks down the main steps it takes to fight one. From Identifying the risk to Recovering from the attack, this section would teach someone a good framework for combating security threats. Furthermore, the paper goes into the different sections of the framework, identifying the steps that someone would have to take to meet the framework requirements, which makes the solutions that much easier to obtain. The next part of the section talks about how prepared someone is for a cyber attack: the writer introduces the reader to the tiers of cybersecurity and, for each tier, details which actions from the framework are done to achieve that level. Using this section, a business owner or IT professional could figure out a good starting point for their own cybersecurity actions and structure.


Section 3, 4.

With most of the process of assessing a cybersecurity risk and coming up with a game plan figured out, these two sections give an overview of how to implement the framework and assess that implementation. While section 2 gives an overview of the implications and details of the framework, section 3 is really where the document gets into usable information, breaking down how to use the framework. The third section goes through numerous steps of how to apply the framework, in detail without being too specific. Section 4 gives a good overview of everything, while specifically talking about how to assess how good your cybersecurity framework is, by the benchmarks section 2 gave us.

Overall

This document is either very useful or not very useful. What it ends up doing is laying out a methodical approach to cybersecurity, but really only for someone completely new to the topic. While the information in the document is useful, it's rather broad for addressing specific issues. In the hands of someone who is familiar with cybersecurity, a skim through lets you see that what they talk about really comes down to common sense; this disparity in usefulness is widened even further if that professional has already been through a hack. For those completely new to the ideas of cybersecurity, this document really gets the ball rolling. It's a little confused about how involved executives get with computers or IT (IT downsizing followed by the panic of realizing nothing works happens way too often), but it does offer the beginnings of solutions. If someone has not read this and is going into IT or a systems job that puts them on the front line, then they should definitely read it, as it contains a lot of great information.

As someone who has worked for a company that has gotten hacked, I would keep this on file to give to the upper management, and would likely use it as a basic learning tool; I would otherwise be worried about giving out too much information to people who are unfamiliar with the terminology.
