What is NIST Cyber security Framework?

Background

The National Institute of Technology (NIST) created the Cyber Security Framework (CSF) to provide organisations with guidance on how to Identify, Protect, Detect, Respond and Recover from cyber attacks.

A voluntary framework that prioritises a flexible, repeatable, and cost-effective approach that helps owners and operators of critical infrastructure to manage cyber security related risk.

Uses of the Cyber Security Framework

The Framework is designed to complement existing business and cyber security operations, and can be used to:

Understand security status.
Establish / Improve a cyber security programme.
Communicate cyber security requirements with stakeholders.
Identify opportunities for new or revised standards.
Assists in prioritising improvement activities.
Enables investment decisions to address gaps.

How does nist improve security?

The Framework provides a common taxonomy and mechanism for organisations to:

Describe their current cyber security posture;
Describe their target state for cyber security;
Identify and prioritise opportunities for improvement within the context of a continuous and repeatable process;
Assess progress toward the target state;
Communicate among internal and external stakeholders about cyber security risk.

Business value

The Cyber Security Framework has helped organisations:

Integrate the functions into your leadership vocabulary and management tool sets.
Determine optimal risk management using Implementation Tiers.
Reflect on business environment, governance, and risk management strategies.
Develop Profiles and Road maps to prioritise improvement activities.

Why NIST CSF?

The NIST CSF can help an organisation begin or improve their cyber security programme. Built off of practices that are known to be effective, it can help organisations improve their cyber security posture.