NIST Cybersecurity Framework: Why you should be using it


The NIST Cybersecurity Framework is not a foolproof formula for cybersecurity; after all, there is no one-size-fits-all solution for security. But implementing this voluntary guideline will surely improve your security game! The Framework includes leading practices from various successful standards bodies and delivers regulatory and legal advantages. Created by NIST (the National Institute of Standards and Technology), the Framework was developed after 10 months of collaborative discussions with more than 3,000 security professionals.

What is the Framework?

The Framework is voluntary guidance, based on existing standards, guidelines, and practices, for critical infrastructure organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders.

The Framework consists of three parts:

• The Framework Core: a set of cybersecurity activities, outcomes, and informative references that are common across critical infrastructure sectors, providing the detailed guidance for developing individual organizational Profiles.

• The Framework Profiles: by using the profiles, the Framework will help the organization align its cybersecurity activities with its business requirements, risk tolerances, and resources.

• Framework Implementation Tiers: provide a mechanism for organizations to view and understand the characteristics of their approach to managing cybersecurity risk.

By using the Framework, organizations will be able to 1) describe their current cybersecurity posture; 2) describe their target state for cybersecurity; 3) identify and prioritize opportunities for improvement within the context of a continuous and repeatable process; 4) assess progress toward the target state; and 5) communicate among internal and external stakeholders about cybersecurity risk.

With the NIST Cybersecurity Framework, you can now shift from a reactive, compliance-driven approach to a proactive risk-management process. Adopting the Framework will not only help improve your cybersecurity program, but also potentially advance your regulatory and legal standing in the future.

Visit the NIST.gov website for more information:
http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
