In response to increasing threats from data breaches, President Obama issued Executive Order 13636 entitled “Improving Critical Infrastructure Cybersecurity” in 2013. The National Institute of Standards and Technology (NIST), acting upon that order and working with the private sector, developed a voluntary set of standards, guidelines, and practices to help manage and mitigate the risks associated with cybersecurity.
Are you prepared to create a cybersecurity strategy that truly protects you? There is no better occasion than now to get your firm equipped for the fight!
For companies that lack a cybersecurity strategy, the issuance of these voluntary standards can serve as a convincing starting point for the development of this plan. NIST built the approach on three essential elements: the Framework’s Core, the Framework’s Implementation Tiers, and two essential Framework Profiles.
There are five principles associated with the Framework’s Core:
- Identify – classifying critical structures in order to prioritize one’s security requirements
- Protect – determining the appropriate cybersecurity options
- Detect – implementing procedures for the detection of cybersecurity threats
- Respond – developing and executing a plan of action in response to a threat
- Recover – formulating procedures to return to complete functionality after an incident
The Framework’s Core lays the groundwork for cyber awareness and best practices.
Framework Implementation Tiers
The tiers associated with the Framework represent the level of involvement within a company regarding its cybersecurity efforts. These levels of involvement are:
- Partial – the organization understands that cybersecurity is important, but lacks a formal policy and plan of action
- Risk-Informed – the organization has a disjointed cybersecurity policy that is not fully implemented or broadly utilized
- Repeatable – a formal cybersecurity policy is in place, which is regularly updated based on predetermined calendar intervals, not the changing threat landscape
- Adaptive – a well-informed cybersecurity policy has been implemented, which evolves quickly to emerging cyber threats
These tier designations lead firms toward a deeper understanding of best practices, while funneling decision makers to an ever-improving security stance for their business.
NIST divides the Framework’s Profiles into two categories. The first category represents the current state of a company’s cybersecurity awareness. This attentiveness includes policies, procedures, and practices that prevent, handle, and lead to recovery following a cyber attack. The second category represents a target goal with regard to any firm’s cybersecurity response plan. By understanding a company’s current standing, coupled with thoughtfulness towards future security plans, a strategy can be implemented to reduce one’s target profile. In the end, risk reduction is the ultimate goal of the Framework’s endeavor, as firms plan and implement measures to become hardened targets.
NIST Cybersecurity Framework
Finally, NIST’s goal is to improve critical infrastructure cybersecurity throughout the United States by increasing awareness and providing broad guidelines for voluntary participation. The Framework itself promotes a comprehensive review of cybersecurity awareness, which will become increasingly important as the threat landscape becomes more hostile to anyone with an internet connection.
Information Systems Integration is here to help you combat the increasingly sophisticated threat of cybercrime. Call us at (866) 788-2354 or send us an email at firstname.lastname@example.org now before it’s too late.