Wednesday, 28 May 2014

NIST Releases Cybersecurity Framework Version 1.0

NIST will be presenting at the Industrial Control Security Europe conference in London on September 29th and 30th, and at the Industrial Control Security USA conference in Sacramento, California, on October 6th and 7th.


http://www.industrialcontrolsecurityeurope.com 
http://www.industrialcontrolsecurityusa.com


For Immediate Release: February 12, 2014

To help organizations charged with providing the nation's financial, energy, health care and other critical systems better protect their information and physical assets from cyber attack, the Commerce Department's National Institute of Standards and Technology (NIST) today released a Framework for Improving Critical Infrastructure Cybersecurity. The framework provides a structure that organizations, regulators and customers can use to create, guide, assess or improve comprehensive cybersecurity programs.
In February 2013, President Obama issued Executive Order 13636: Improving Critical Infrastructure Cybersecurity. The order calls for the development of a voluntary, risk-based Cybersecurity Framework—a set of existing standards, guidelines and practices to help organizations manage cyber risks. The resulting framework, created through public-private collaboration, provides a common language to address and manage cyber risk in a cost-effective way based on business needs, without placing additional regulatory requirements on businesses.
"The framework provides a consensus description of what's needed for a comprehensive cybersecurity program," said Under Secretary of Commerce for Standards and Technology and NIST Director Patrick D. Gallagher. "It reflects the efforts of a broad range of industries that see the value of and need for improving cybersecurity and lowering risk. It will help companies prove to themselves and their stakeholders that good cybersecurity is good business."
The framework allows organizations—regardless of size, degree of cyber risk or cybersecurity sophistication—to apply the principles and best practices of risk management to improve the security and resilience of critical infrastructure.
Organizations can use the framework to determine their current level of cybersecurity, set goals for cybersecurity that are in sync with their business environment, and establish a plan for improving or maintaining their cybersecurity. It also offers a methodology to protect privacy and civil liberties to help organizations incorporate those protections into a comprehensive cybersecurity program.
