Week 7
October 18, 2015
Why should you adopt the NIST Cybersecurity Framework?
The NIST Cybersecurity Framework comprises best practices from various standards bodies that are proven and successful when implemented, and it also may deliver a regulatory and legal advantage that extends well beyond improved cybersecurity for organizations that adopt it early.
The framework provides an assessment mechanism that enables organizations to determine their current cybersecurity capabilities, set individual goals for a target state, and establish a plan for improving and maintaining cybersecurity programs. It comprises three primary components: Profile, Implementation Tiers, and Core.
For most organizations, whether they are owners, operators, or suppliers for critical infrastructure, the NIST Cybersecurity Framework may be well worth adopting solely for its stated goal of improving risk-based security. An organization that adopts the Framework at the highest possible risk-tolerance level may be better positioned to comply with future cybersecurity and privacy regulations.
It is impossible to include all the aspects of cybersecurity in one practice framework, but NIST provides comprehensive, prescriptive guidelines for all entities across industries. Although the framework offers worthwhile standards for improving cybersecurity, it does not fully address several critical areas.
The NIST Cybersecurity Framework represents a tipping point in the evolution of cybersecurity, one in which the balance is shifting from reactive compliance to proactive risk-management standards. Organizations across industries may gain significant benefits by adopting the guidelines at the highest possible risk-tolerance level given investment capital.
Although adopting the NIST Cybersecurity Framework has many benefits, implementation may involve certain challenges. Critical infrastructure owners and providers may find it difficult to assess their Implementation Tier, which demands a holistic view of the entire ecosystem and the ability to be truly objective.
References:
· NIST 2014, “Framework for Improving Critical Infrastructure Cybersecurity”, published on NIST.gov on February 12, 2014. Retrieved from: http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf