Infrastructure Cyber Security Framework for Streamlined Security

By CIOReview | Monday, September 26, 2016

FREMONT, CA: Acting on orders from the Obama administration for enhanced cyber security of critical infrastructure, the National Institute of Standards and Technology (NIST) has developed the “Framework for Improving Critical Infrastructure Cybersecurity”. The idea is to realize a cost-effective and performance-based approach to cyber security management for the processes, information, and systems dealing with critical infrastructure. The framework provides guidance to any organization on managing cyber security risk.

The framework offers a common taxonomy and mechanism for organizations to describe their current cyber security implementation, identify and prioritize opportunities for improvement within the context of a continuous and repeatable process, and communicate among internal and external stakeholders about cyber security risk.

The framework is composed of three parts: Framework Core, Framework Implementation Tiers, and Framework Profiles.

The Framework Core consists of five concurrent and continuous functions: identify, protect, detect, respond, and recover. It presents industry standards, guidelines and practices, sharing cyber security activities and outcomes across the organization from the executive level to the implementation level. It is a set of cyber security activities, desired outcomes and applicable references.

The Framework Implementation Tiers describe the degree to which an organization’s cyber security risk management practices exhibit the characteristics defined in the framework.

Framework Profile represents the result of the selection made by the organization from the framework categories and subcategories.