Given the short arm of predictive knowledge, an avenue to approach the development of cyber policy and infrastructure is via the NIST (National Institute of Standards and Technology) Cybersecurity Framework (CSF). The framework itself offers a comprehensive guideline for tackling cybersecurity threats and risks. Although the decision is voluntary, it is important for businesses and government agencies to utilize the NIST cybersecurity framework to maintain a proper cybersecurity posture. This framework “helps businesses of all sizes better understand, manage, and reduce their cybersecurity risk and protect their networks and data” (NIST, 2019). It may be possible for an organization to mitigate cybersecurity risks without incorporating the NIST framework due to other frameworks that can be utilized. However, the NIST framework is an excellent source of standards, guidelines, and best practices to manage cybersecurity risk.
In all, the framework demonstrates a method of managing cybersecurity that is composed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles. It is useful because it can be utilized to identify potential areas of weakness, in addition to highlighting industry practices to mitigate cyber security risks. To achieve specific cyber security outcomes, the framework core provides a set of activities and references examples of guidance to achieve those outcomes critical to infrastructure sectors. The framework core contains four key elements: Functions, Categories, Subcategories, and Informative References. There are five Framework Core functions: Identify, Protect, Detect, Respond and Recover. These five functions are implemented concurrently and continuously. The Framework for Improving Critical Infrastructure Cybersecurity five functions are described as follows by the National Institute of Standards and Technology:
• Identify – develop an organizational understanding to manage Cybersecurity rest to systems, people acids data and capabilities
• Protect – develop and implement appropriate safeguards to ensure delivery of critical services
• Detect – develop and implement appropriate activities to identify the occurrence of a cyber security event
• Respond – develop and implement appropriate activities to act regarding a detected cyber security incident
• Recover – develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cyber security incident
By utilizing a framework such as this one, successful implementation of preventative and responsive cybersecurity measures is imminent.
REFERENCES:
NIST. (2019). Cybersecurity Framework. National Institute of Standards and Technology. https://www.nist.gov/cyberframework