Highlights and Updates

'Framework for Improving Critical Infrastructure Cyber Security' released by the NIST

Tuesday, 25th February 2014
The US National Institute of Standards and Technology (NIST) has published its first version of a Cyber Security Framework for goverment organisations and private companies that provide critical infrastructure. It is called the "Framework for Improving Critical Infrastructure Cybersecurity" and is the outcome of President Barack Obama's Executive Order on "Improving Critical Infrastructure Cybersecurity," which he announced in his 2013 State of the Union address. The framework can be downloaded from our website in pdf format here.

The Cybersecurity Framework was developed under the NIST's guidance in cooperation with other agencies as well as the private sector. Input was provided by more than 3,000 security professionals and Industry experts.

The Framework
The Framework is designed to enable organizations regardless of size, sofistication and cybersecurity risk, to apply these principles and best practices for improving the security and resilience of the critical infrastructure that they provide.
 The Framework is not designed to replace existing processes but to complement existing business and cybersecurity operations. It can serve as the foundation for a new cybersecurity program or a mechanism for improving an existing program.

Example of how the framework can be used
An organization can use its current process and overlay it onto the Framework to determine gaps in its current cybersecurity risk approach,
or it can utilize the Framework as a cybersecurity risk management tool, and by so doing determine the activities that are most important to critical service delivery.