This month, the Obama administration announced the launch of the Cybersecurity Framework, a how-to guide for organizations in the critical electronic infrastructure community to enhance their cybersecurity.
Over the past year, individuals and organizations throughout the country and across the globe have provided their thoughts on the kinds of standards, best practices, and guidelines that would meaningfully improve critical infrastructure cybersecurity.
The Department of Commerce’s National Institute of Standards and Technology (NIST) consolidated that input into the voluntary Cybersecurity Framework.
The Framework gathers existing global standards and practices to help organizations understand, communicate, and manage their cyber risks. It also offers guidance regarding privacy and civil liberties considerations that may result from cybersecurity activities.
The cybersecurity activities are grouped by five functions — Identify, Protect, Detect, Respond, Recover — that provide a high-level view of an organization’s management of cyber risks.