The strange reality is that cybersecurity is becoming an issue for everybody: not just businesses, but individual people. The bigger the target, the greater the risk, so Steve Durbin writes for CIO Insight about using the NIST Cybersecurity Framework to protect the business. This is a matter of maintaining both your assets and the trust of your business partners.
Securing the Digital Gate
The NIST Cybersecurity Framework consists of five functions of security activity that are further subdivided into categories. Given how many activities it covers across information security topics and control objectives, businesses are eager to start aligning their programs with the framework. Durbin continues:
Although the NIST Cybersecurity Framework is voluntary, and intended as guidance rather than a formal standard, one of its development goals is to provide security practitioners with a common language for cybersecurity. This common language makes use of familiar topics in information security and clearly expressed control objectives within those topics. Using the NIST Cybersecurity Framework, together with [The Standard of Good Practice for Information Security] and other information risk management tools, will enable organizations of all sizes to effectively demonstrate to your stakeholders the progress you have made in building a robust cyber-resilience approach.
To work the framework into your organization, you should first determine the business impact of a data breach, and then think about what the most realistic threats to your business are. Anyone looking for a step-by-step process for implementation will be happy, because the framework provides such references. But you should pair the NIST Cybersecurity Framework with other risk management tools that are applicable to your business, in order to build the most well-rounded and robust security program.
It is a pretty common refrain these days that people are unhappy with the government, but this framework looks to be an example of everyone actually being happy for once. Let’s try and keep that up. You can read Durbin’s full article here: http://www.cioinsight.com/it-management/expert-voices/mapping-to-the-nist-cybersecurity-framework.html