The government isn’t always getting in the way. Sometimes, it’s creating protocols that indirectly benefit IT and business agendas. In the case of cyber security, the National Institute of Standards and Technology (NIST) has created a set of guidelines that allows organizations to measure the security of their IT systems. As Jack Jacobson for InfoWorld explains, the 42-page cyber security framework (CSF) was initially commissioned by the White House to aid our national infrastructure but applies equally well to most businesses.
A Document of Cyber Merit
The NIST framework was heavily sourced and edited, with multiple drafts posted for comment and revision:
In its final form, the framework offers a core set of activities to anticipate and mitigate against attacks on systems. It provides a set of measurements to assess to what degree an organization has implemented these core activities, which can be used as a gauge to assess how prepared the organization's systems are, in terms of being secured against an attack.
Critics of the CSF point to its lack of specificity, but those who find value in the document contend that it provides the guiding principles that CIOs require to place their security decisions within a broader (national) context. The document specifically targets CIOs, steering committees, and management’s upper levels: any position responsible for making important decisions about IT security.
Attributes of Importance
A number of constructive attributes have been named by proponents. Some laud the report’s brevity, which makes it easily accessible. Supporters also like that it focuses on governance and action within organizations, taking a risk-based approach to improve cyber security. And though the framework itself lacks detailed and concrete advice, it offers references to sources that do.
One limiting factor has the potential to cancel out all of the CSF’s benefits, and that factor is money. Organizations must be willing to commit the resources necessary to implement adequate security measures. A framework is only as good as its funding.
To read the entire article, visit: http://www.infoworld.com/article/2610022/security-management/how-the-nist-cyber-security-framework-can-help-secure-the-enterprise.html