Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

The NIST Cybersecurity Framework and the FTC

Via Andrea Arias at the FTC: “…The Framework provides organizations with a risk-based compilation of guidelines that can help them identify, implement, and improve cybersecurity practices. The Framework does not introduce new standards or concepts; rather, it leverages and integrates cybersecurity practices that have been developed by organizations like NIST and the International Standardization Organization (ISO). The Framework terms this compilation of practices as the “Core.” This Core is composed of five concurrent and continuous functions—Identify, Protect, Detect, Respond, and Recover—that provide a strategic view of the lifecycle of an organization’s management of cybersecurity risk. Each function is further divided into categories tied to programmatic needs and particular activities. In addition, each category is broken down into subcategories that point to informative references. Those references cite specific sections of standards, guidelines, and practices that illustrate a method to achieve the outcomes associated with each subcategory.

The five functions signify the key elements of effective cybersecurity. Identify helps organizations gain an understanding of how to manage cybersecurity risks to systems, assets, data, and capabilities. Protect helps organizations develop the controls and safeguards necessary to protect against or deter cybersecurity threats. Detect are the steps organizations should consider taking to provide proactive and real-time alerts of cybersecurity-related events. Respond helps organizations develop effective incident response activities. And Recover is the development of continuity plans so organizations can maintain resilience—and get back to business—after a breach….”
