NIST framework advises on beefing up cyber security

A guideline recently released by the United States National Institute of Standards and Technology (NIST) can help organizations strengthen their corporate cyber security posture.

NIST’s Preliminary Cybersecurity Framework is voluntary for American businesses. However, many of the strategies it contains draw on existing best practices that apply to a wide variety of businesses within and outside the U.S. While non-specific in nature, the document references a number of standards from NIST, the International Society of Automation, the International Organization for Standardization (ISO) and other organizations.

“We want to turn today’s best practices into common practices, and better equip organizations to understand that good cyber security risk management is good business,” said NIST Director Patrick Gallagher.

The framework can help firms gauge their cyber security maturity and help them improve the “bottom line” as well, he said.

The framework advises businesses to conduct a risk assessment and then provides steps on how organizations can implement or improve their cyber security program.

The document defines four tiers of cyber security readiness. At the lowest tier is a business with risk management practices that are not formalized.


Nestor E. Arellano
Toronto-based journalist specializing in technology and business news. Blogs and tweets on the latest tech trends and gadgets.
