
How the NIST Cyber Security Framework Can Help Secure the Enterprise

The government isn’t always getting in the way. Sometimes, it’s creating protocols that indirectly benefit IT and business agendas. In the case of cyber security, the National Institute of Standards and Technology (NIST) has created a set of guidelines that allows organizations to measure the security of their IT systems. As Jack Jacobson for InfoWorld explains, the 42-page cyber security framework (CSF) was initially commissioned by the White House to aid our national infrastructure but applies equally well to most businesses.

A Document of Cyber Merit

The NIST framework was heavily sourced and edited, with multiple drafts posted for comment and revision:

In its final form, the framework offers a core set of activities to anticipate and mitigate against attacks on systems. It provides a set of measurements to assess to what degree an organization has implemented these core activities, which can be used as a gauge to assess how prepared the organization's systems are, in terms of being secured against an attack.

Chief Audience

Critics of the CSF point to its lack of specificity, but those who find value in the document contend that it provides the guiding principles that CIOs require to place their security decisions within a broader (national) context. The document specifically targets CIOs, steering committees, and management’s upper levels: any position responsible for making important decisions about IT security.

Attributes of Importance

A number of constructive attributes have been named by proponents. Some laud the report’s brevity, which makes it easily accessible. Supporters also like that it focuses on governance and action within organizations, taking a risk-based approach to improving cyber security. And though the framework itself lacks detailed and concrete advice, it offers references to sources that do.

One limiting factor has the potential to cancel out all of the CSF’s benefits, and that factor is money. Organizations must be willing to commit the resources necessary to implement adequate security measures. A framework is only as good as its funding.

To read the entire article, visit:

About Eric Anderson

Eric Anderson is a staff writer for CAI's Accelerating IT Success. He is an intern at Computer Aid Inc., pursuing his master's degree in communications at Penn State University.
