How Your Organization Can Benefit from the NIST Cybersecurity Framework

Published on June 20th, 2022


The primary goal of the NIST cybersecurity framework is to reduce cybersecurity risk to an acceptable level.

Everyone loves a good life hack, right? I've found that one such hack for those in cybersecurity is the NIST Cybersecurity Framework.

When the National Institute of Standards and Technology (NIST) first released its cybersecurity framework (now known as the NIST CSF) in 2014, it was looked to as a "gold standard" for how organizations should organize and improve their cybersecurity program. Many chose to emulate the NIST CSF since it's the simplest one to implement and follow. But don't let the previous sentence fool you. The NIST CSF is also complex when you really get into the weeds.

While the NIST cybersecurity framework serves several purposes, its primary goal is to reduce cybersecurity risk to an acceptable level for an organization. I'd say the close second is to provide a common language for all organization stakeholders to use to maintain clear and consistent messaging. It keeps everyone aligned and informed on the direction the organization wants to take regarding its cybersecurity posture.

In addition to serving as a guiding light, the NIST CSF also aids in identifying gaps in your knowledge. We simply don't know what we don't know, and often that's due to not having experienced certain learning opportunities in our day-to-day activities. While the NIST CSF is not a one-size-fits-all framework, it's meant to provide guidance and complement an existing risk management program. And, in the absence of such a program, the framework should be leveraged to initiate one.

What is the NIST Cybersecurity Framework?

The NIST Cybersecurity Framework (CSF) is a set of guidelines designed to help organizations secure their critical infrastructure and improve their ability to identify, prevent, detect, respond and recover from cyber incidents. Today, it is embraced by many to help manage their organization's cybersecurity risks and provide a common language to leverage between technical and non-technical teams.

While other standards and guidance have existed for many years, the need to create the NIST CSF specifically came from Executive Order 13636, Improving Critical Infrastructure Cybersecurity, which was signed in February 2013. Since then, versions 1.0 and 1.1 of the framework have been released. Version 1.1, the most recent, was released in April 2018. The NIST CSF will likely see an update soon, as the organization has indicated the goal of updating at least every three years.

So, if the framework was created to address critical infrastructure, does that mean that some organizations won't benefit from it? Not at all.

The documentation clearly calls out that the framework can and should be used by any organization in any sector: "While the Framework has been developed to improve cybersecurity risk management as it relates to critical infrastructure, it can be used by organizations in any sector of the economy or society. It is intended to be useful to companies, government agencies, and not-for-profit organizations regardless of their focus or size."





Essentially, all organizations should be using it to some extent to help guide them through the process of securing their assets. If I had to elevator pitch the NIST CSF, I'd say it's a framework that provides a standardized common language for organizations to identify, assess and mitigate cybersecurity risks, resulting in a stronger cybersecurity posture. Its value is found in the simplified approach of helping organizations continuously iterate to uncover and address evolving cybersecurity risks.

So, what's in the NIST CSF? It is composed of a Framework Core that includes Functions, Categories, Subcategories and Informative References.

Want some help evaluating your existing stack against the NIST CSF? Watch our on-demand webinar, Leveraging A Proven Framework to Evolve Your Stack, for some expert insight.

This guest blog is part of a Channel Futures sponsorship.
