NIST CYBERSECURITY FRAMEWORK
NIST CSF is a risk-based cybersecurity framework. Organizations can use it to evaluate their current risk, determine which activities are most important to critical service delivery, and prioritize expenditures to maximize the impact of the investment.
Framework for improving critical infrastructure security
Businesses depend on the reliable functioning of business-critical infrastructure. Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems, placing business security, revenue, and employee safety and health at risk. Similar to financial and reputational risks, cybersecurity risk affects a company’s bottom line.
NIST CSF v1.1
Identify
Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
Protect
Develop and implement appropriate safeguards to ensure delivery of critical services.
Detect
Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
Respond
Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.
Recover
Develop and implement plans for resilience and to restore any capabilities that were impaired due to a cybersecurity incident.
Implementation Process
Prioritize and Scope
The organization identifies its business/mission objectives and high-level organizational priorities.
Conduct a Risk Assessment
This assessment could be guided by the organization’s overall risk management process or previous risk assessment activities.
Determine, Analyze, and Prioritize Gaps
The organization compares the Current Profile and the Target Profile to determine gaps.
Implement Action Plan
The organization determines which actions to take to address the gaps and loopholes.