There is one executive order that stands out from the 180-plus penned by the current president of the US, and its contents should prompt both relief and decisive action from diligent corporate officers and directors trying to ensure protection from cyber threats: Executive Order 13636, ‘Improving Critical Infrastructure Cybersecurity’ (February 2013), which directed NIST to develop the Cybersecurity Framework and encourages its voluntary adoption.

What is the NIST Cybersecurity Framework?

The framework was developed by the Department of Commerce’s National Institute of Standards and Technology (NIST), which wisely incorporated the insights of individuals from private industry and critical infrastructure organisations throughout the country and across the globe on cyber security standards, best practices and guidelines for critical infrastructure, and published version 1.0 in February 2014. Those contributors shared a common goal of keeping attackers out, and they produced advice and a methodology that they, as well as others, can actually use. The framework turns out to be quite good, even if it is necessarily technical and comprehensive.

The framework has three main sections. The ‘core’ defines a set of common cyber security activities, organised under five functions: identify, protect, detect, respond and recover. The ‘profile’ aligns those activities with an organisation’s business requirements, risk tolerance and resources; comparing a ‘current’ profile with a ‘target’ profile exposes gaps, which helps prioritise investment and measure improvement. The ‘tiers’ (partial, risk informed, repeatable and adaptive) describe how rigorously an organisation manages cyber risk; NIST notes that the tiers are not intended as maturity levels, although they are often read that way.

For organisations that don’t know where to start, the framework provides a road map. For all organisations, whatever their cyber security maturity, the framework reinforces the connection between business drivers and cyber security activities.

Jul-Sep 2015 Issue

Orange Star Consulting