"Opening Up a Second Front on Risk Management"

I had the pleasure of listening to Ron Ross of NIST speak on the concept of integrating cybersecurity requirements into architecture, engineering, acquisition, and the SDLC.  While none of the concepts Dr. Ross speaks about are new to those of us who have been doing this for a bit, the presentation gives a good, multifaceted look at the problem and proposed a solutions framework based on the NIST documentation.  Whether you are pro-NIST or anti-NIST, the presentation is worth a review.  You can find a link to it here, compliments of Dr. Ross. Enjoy!