
Report: NIST Cybersecurity Framework to Guide Companies’ Risk Mgmt Programs

The cybersecurity framework issued earlier this year is expected to guide companies to assess and manage their risk against evolving cyber threats as organizations adopt cloud computing, mobile and other emerging technologies, FCW reported Thursday.

Michael Brown writes that the National Institute of Standards and Technology's Framework for Improving Critical Infrastructure Cybersecurity was developed following collaboration with industry to establish a structure, benchmark and road map for risk management.

Under the “Core” part of the framework, risk management programs can be structured to identify potential impact to the business, protect systems from digital risk, detect the risk itself, respond to attacks and recover the business in the aftermath of an incident.

The “Implementation Tiers” section then details the four levels of cybersecurity risk management, from partial or ad hoc implementation, to risk-informed implementation that is still isolated within IT, to repeatable implementation across the organization with help from industry partners and to adaptive implementation with continuous improvements and active industry collaboration.

Brown said these tiers are intended to describe implementations based on business needs and context, instead of as a hierarchy.

Finally, the “Profile” section indicates either an organization’s current or desired state in managing risk.

According to Brown, the NIST framework was designed to align industry best practices and experience with those of the government and to support other existing standards.

He notes that organizations can apply the guidelines from the framework to evaluate their business needs, IT resources and risk levels and draw a road map for implementation to improve or achieve their risk management targets.
