You need to read NIST’s Cybersecurity Framework – today

June 17, 2018

The U.S. National Institute of Standards and Technology (NIST) has just released version 1.1 of its Cybersecurity Framework. President Obama commissioned the first draft of this sprawling document in 2013 to standardize how government agencies approached cybersecurity. But it’s not just the U.S. government that can benefit from it.

Version 1.1 of the Cybersecurity Framework is packed with advice on how to secure your business.

With the threat of cyber attacks growing every day, following a standardized document like this is a very positive step. The document has some high-flying advocates too. U.S. Secretary of Commerce Wilbur Ross said:

The voluntary NIST Cybersecurity Framework should be every company’s first line of defense. Adopting version 1.1 is a must do for all CEOs.

What’s new?

NIST based the latest version of the Cybersecurity Framework on feedback following public calls for comments. The main adjustments concern:

  • Authentication and identity
  • Self-assessing cybersecurity risk
  • Managing cybersecurity within the supply chain
  • Vulnerability disclosure

These amendments add extra clarity and weight to this already substantial document. But the authors are keen to point out that this collaborative guide will grow and change alongside the threat landscape.

Engagement and collaboration will continue to be essential to the framework’s success.

The Cybersecurity Framework will need to evolve as threats, technologies, and industries evolve. With this update, we’ve demonstrated that we have a good process in place for bringing stakeholders together to ensure the framework remains a great tool for managing cybersecurity risk.

// Cybersecurity Framework Program Manager, Matt Barrett.

How can the NIST Cybersecurity Framework benefit your business?

NIST’s Cybersecurity Framework aims to develop a set of standards, best practices, and suggestions for improving security protocols within the U.S. government. Obama commissioned these guidelines after it became clear the country’s critical infrastructure could be under threat from cybercriminals.

The U.S. Patriot Act of 2001 defines critical infrastructure as:

Systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.

Although the original intention was to develop these guidelines for critical infrastructure, businesses can easily adapt the report for commercial applications.

Five core functions

Five core functions define the Cybersecurity Framework:

  • Identify – Understanding the risks
  • Protect – Implementing a working security strategy
  • Detect – Awareness of any new or developing threats
  • Respond – Acting in the wake of an event
  • Recover – Ensuring restoration following an attack is quick and effective

These core functions are used in the publication as a springboard to delve deeper into cybersecurity strategies. However, NIST hopes that, by following them and using these key areas to develop a steadfast approach to cybersecurity, all companies operating online will benefit from its research.

In the first few paragraphs of version 1.1, the authors make it overwhelmingly clear why:

Similar to financial and reputational risks, cybersecurity risk affects a company’s bottom line. It can drive up costs and affect revenue. It can harm an organization’s ability to innovate and to gain and maintain customers. Cybersecurity can be an important and amplifying component of an organization’s overall risk management.

Take positive action now. Get in touch with us today to see how we can help you secure your business against the threat of account takeover attacks.
