A baseline IT risk management framework
In 2013, as a direct response to Executive Order 13636, Improving Critical Infrastructure Cybersecurity, the National Institute of Standards and Technology (NIST) was tasked with facilitating the development of the Cyber Security Framework in conjunction with a number of external stakeholders. According to NIST (2014), the Cyber Security Framework “created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk”.
According to NIST, the Cyber Security Framework provides a baseline set of controls that organizations can use to better understand, manage, and reduce their cybersecurity risks, and to help determine “which activities are most important to assure critical operations and service delivery” (NIST, 2014).
The three main components of the Cyber Security Framework are designed to help organizations improve their cybersecurity practices based on their available resources, their individual business needs, and their tolerance for risk. The implementation tiers were put into place to help businesses assess how their cybersecurity risk-management capabilities compare to the features described by the framework.