
Friday, 30 May 2014 12:34

The National Institute Of Standards And Technology



"NIST Issues Preliminary Cybersecurity Framework" by Steve Caponi & Elizabeth Sloan. Accessed from http://www.mondaq.com/unitedstates/x/275074/Data+Protection+Privacy on 11/28/2013.


The National Institute of Standards and Technology (NIST) issued the Preliminary Cybersecurity Framework as required under section 7 of the President's executive order of February 2012, which is aimed at improving critical infrastructure cybersecurity. The order was prompted by increased cyber intrusions into critical infrastructure. These intrusions threaten the national and economic security of the country.

Critical infrastructure refers to systems and assets, both physical and virtual, so vital to the United States that the incapacity or destruction of such a system would have debilitating impacts on security, national economic security, and national public health or safety. It includes infrastructure in the energy sector, finance and banking, healthcare, transportation, telecommunication, defense and utilities. The executive order also called for policy coordination, sharing of cybersecurity information, protection of privacy and civil liberties, and the development of a framework to reduce cyber risks to critical infrastructure. The framework includes standards, procedures and processes for reducing those risks.


The executive order requires NIST to issue the final version of the framework in February 2014. Industry players are welcome to contribute during the month of November. Institutions are therefore expected to conduct a gap analysis of their cybersecurity, privacy, and data governance management to identify the areas where they need to comply with the NIST framework.


Aim of the framework

These standards will be voluntary and not one-size-fits-all, because each institution has different and unique risks. The aim of the standards is not to replace existing organizational cybersecurity programs but to complement them. The goal is to help improve existing cybersecurity protocols and to create a reference for establishing new programs. The framework is intended to prioritize flexible, repeatable, performance-based and cost-effective programs. The standards will serve as best practices for companies and agencies in the sectors included in the definition of critical infrastructure. They are intended to provide specific guidance for detecting and responding to attacks, mitigating the fallout from cyber incidents and managing overall cyber risks.


Characteristics of the framework

The framework provides a common language and mechanism for organizations to:

Describe their current cybersecurity posture

Describe their target state for cybersecurity

Identify and prioritize opportunities for improvement in risk management

Assess progress toward the target state

Foster communication among internal and external stakeholders


Structure of the framework

The preliminary framework is organized into five overarching cyber functions: identify, protect, detect, respond and recover. Each of these functions has numerous categories that are related to programmatic activities, such as “asset management,” “access control,” and “detection processes.”

It is a risk-based approach composed of the framework core, the framework profile, and the framework implementation tiers.

The framework core is the compilation of standards intended to foster the communication of cyber risks across an entire organization.

The framework profile is a snapshot of an organization's current security readiness, which can be used to track progress in implementing security protocols.

The framework implementation tier describes how a specific organization manages its cybersecurity.


 

Last modified on Friday, 30 May 2014 12:38