The NIST Cybersecurity Framework can help you understand your risks.
Are you secure? Unfortunately, there is no way to prove that no one can breach your security. You can be compliant with any number of different regulations and frameworks and still be caught by some new attack or unanticipated vulnerability. That is one reason I like the Framework for Improving Critical Infrastructure Cybersecurity, released last year by the National Institute of Standards and Technology (NIST).
Our experience with this framework has been very positive, and we plan to continue to use it throughout Intel and with our suppliers and partners. I would encourage any size organization to evaluate and implement it also. When you do, we have a few suggestions to share from our initial project:
- Do it yourself. This is a process for discovery and discussion, not a checklist or assessment that can be done by a consultant.
- Start small and easy. It’s best to start with a small group that is comfortable with at least some of the language and technology, not across the whole organization.
- Customize for you. This is not a one-size-fits-all framework. Tailor the components for your business and technology environment.
- Work with decision makers. Risk management is not a static process, and it touches all levels of the organization. Engage them early and continually.
Full Article