NIST CYBERSECURITY FRAMEWORK
NIST CSF is a risk based cybersecurity framework. Organizations can use it to evaluate their current risk and can determine activities that are most important to critical service delivery and prioritize expenditures to maximize the impact of the investment.
Framework for improving critical infrastructure security
Businesses depends on the reliable functioning of business critical infrastructure. Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems, placing the business security, revenue, and employee safety and health at risk. Similar to financial and reputational risks, cybersecurity risk affects a company’s bottom line.
NIST CSF v1.1
Prioritize and Scope
The organization identifies its business/mission objectives and high-level organizational priorities.
Conduct a Risk Assessment
This assessment could be guided by the organization’s overall risk management process or previous risk assessment activities.
Determine,Analyze, Prioritize Gaps
The organization compares the Current Profile and the Target Profile to determine gaps.
Implement Action Plan
The organization determines which actions to take to address the gaps and loopholes.