Guide to Implementing the NIST Cybersecurity Framework
Data breaches and cyberattacks are becoming more and more common, causing many organizations to increase their spending on cybersecurity. But even with an increased security budget, cyberattacks continue to put important business systems at risk. To help overcome this problem, US President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, calling for the creation of a voluntary, risk-based framework for improving cybersecurity. In response to the EO, the National Institute of Standards and Technology (NIST) led the development of the Cybersecurity Framework (CSF). Input from industry, such as owners and operators of critical infrastructure, was a significant part of the development. Many organizations recommended ISACA’s COBIT as a good example of a cross-sector security framework and guideline that is technology neutral and addresses cyber risks. Since its release, organizations have been able to use the CSF to help them implement security measures. The new ISACA guide on Implementing the NIST Cybersecurity Framework helps organizations in this process by describing how to use existing ISACA methods to effectively implement the CSF.
As directed by the EO, the CSF provides a prioritized, flexible and cost-effective approach to addressing cybersecurity. Applying the framework using proven ISACA methods will help your enterprise achieve effective governance and management, which benefits its stakeholders.
Kristen LeClere
Security Engineer, G2 Inc.
[Source: ISACA]