2009/11/26

ISO 31000 Risk Management - Principles and guidelines

I have read through it once and noted a few points.

ISO 31000 is a risk management guideline; it is not intended for certification. The body of the standard is 24 pages.

The standard covers three main parts: principles, framework, and process.

The terminology section explains and distinguishes risk, event, consequence, likelihood, risk management, managing risk, policy, risk appetite and so on. It is written very clearly and is fairly long, seven pages in total. It is worth reading several times.

The principles section stresses that risk management should create and protect value for the organization; that it is part of the organization's management system; that it is part of decision making; and that it must take human and cultural factors into account.

The framework section follows much the same approach as an ISMS: design, implementation, monitoring, improvement. It highlights a few points: understanding the organization's context, accountability, integration into organizational processes, resources, and communication and reporting.

The process section stresses a few points: establishing the external and internal context, and defining risk criteria.

Overall, the standard is very easy to understand. What sets it apart from other risk assessment standards is its stronger emphasis on integration with the organization's management system and on consideration of the organization's context. As a structured framework for thinking, much of it is worth learning from and referring to.
2009/11/6

A good script still has to be delivered well

Developing and teaching a course is not easy. The hardest part is choosing what to teach and how to teach it, so you have to spend a great deal of time thinking it through as a whole and designing it carefully. Developing a course is like screenwriting; teaching it is like performing.

Course development takes a long time, but in practice much of it is done under pressure and nothing comes out until the last moment; I will not go into the time management problem here. Course development should follow the principles of "faithfulness, expressiveness, elegance" (信、达、雅). Every figure, image and quotation in the handouts should have a source: this looks rigorous, makes the audience trust you, and points them to further reading. The text should flow; use short phrases where possible rather than long sentences, and avoid large blocks of text except for deliberate quotations. Typos everywhere, confusing "的、地、得", words that miss the meaning, muddled logic: none of these are acceptable. Once the first draft is done, you must be willing to cut; the more you cut, the tighter it gets. Elegance is mostly a matter of layout. What draws the eye is size, colour and direction. Do not skimp on text that should be large, and make sure text that must be small is still legible from the back row; if you notice during a lecture that the people at the back keep looking down, the first thing to ask is whether the font is too small. Colours should harmonize without turning into a patchwork. Direction can, to a degree, suggest a trend, such as rising or falling. Each image needs a brief explanation beside it so nobody is left puzzled.

Beyond form, the arrangement of content needs even more careful design: clear logic, distinct boundaries, coherent flow, prominent key points. A course should let students become familiar with, understand and master the knowledge points in limited time; do not make it as dull as chewing wax.

The real work lies outside the poem: teaching a course is not reading from a script. Andrew Carnegie, founder of Carnegie Steel, said: "I believe the true road to preeminent success in any line is to make yourself master of that line." In other words, the lecturer must be an expert in the subject (or deeply versed in it over many years), otherwise the teaching suffers greatly. Such people can draw on a wide range of sources and explain the profound in simple terms; they see problems deeply and present them simply. During the lecture, take the time and effort to make the important points clear. Do not be afraid of repetition; only by hearing something several times do students understand more of it. The aim of teaching is to be understood, not to get through the material.

To write and deliver a good script, you need to accumulate, reflect, practise and experiment every day. When you watch Steve Jobs give a flawless performance on stage, you should remember that the script was cut countless times and the performance rehearsed countless times.

2009/11/2

US boots up new unified cybersecurity center

Source: http://www.physorg.com/news176138448.html

The National Cybersecurity and Communications Integration Center (NCCIC) brings together various government organizations responsible for protecting cyber networks and infrastructure and private sector partners.

"This will be a 24/7, 365-day-a-year facility to improve our national efforts to prepare and respond to threats and incidents affecting critical information technology and communications infrastructure," Napolitano said.

She said the NCCIC will serve as the "central repository" for the cyber protection efforts of the civilian side of the federal government and its private sector partners.

Attending the ribbon-cutting ceremony for the NCCIC was the head of the US military's "cyber command," Lieutenant General Keith Alexander, director of the super-secret National Security Agency (NSA).

The high-security new NCCIC facility is located in an Arlington, Virginia, office building and includes a long narrow room dominated by giant wall-mounted video screens displaying maps and threat data. Facing the screens are dozens of computer work stations with multiple screens.

"Securing America's cyber infrastructure requires a coordinated and flexible system to detect threats and communicate protective measures to our federal, state, local, and private sector partners and the public," Napolitano said.

"Consolidating our cyber and communications operations centers within the NCCIC will enhance our ability to effectively mitigate risks and respond to threats," she added.

NCCIC combines two Homeland Security operational organizations: the US Computer Emergency Readiness Team (US-CERT) and the National Coordinating Center for Telecommunications (NCC).

US-CERT is a public-private partnership aimed at protecting and defending cyber infrastructure while the NCC is the operational arm of the National Communications System.

NCCIC will also integrate the National Cybersecurity Center (NCSC), which coordinates operations among the six largest federal cyber centers.

Napolitano, whose department has received the green light to hire up to 1,000 cybersecurity experts over the next three years, stressed the private sector participation in the NCCIC, noting they will have "offices in the same space."

US-CERT currently partners with a number of private sector companies such as telecommunications firms and others in monitoring cyber threats.

The opening of the NCCIC was the culmination of what has been dubbed "National Cybersecurity Awareness Month."

No single agency is currently charged with ensuring government information technology security and lawmakers have called for creating a powerful national cybersecurity advisor reporting directly to the president.

President Barack Obama has made cybersecurity a top priority and announced in May that he would name a "cyber czar" to defend against criminal, espionage and hacker attacks on US government and private computer networks.

Obama has not yet named the "cyber czar" but the 2010 Homeland Security Act that he signed on Wednesday included 397 million dollars for cybersecurity.

US government websites come under attack on a daily basis, according to the Department of Homeland Security, with the threats ranging from teenage hackers to criminal gangs to foreign governments.

(c) 2009 AFP


As for China, the situation is a little more complicated.