There are resources to help guide an organization’s management of cybersecurity risks, most prominently from the National Institute of Standards and Technology (NIST) and the U.S. Department of Homeland Security.
NIST defines cybersecurity as "the activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.”
NIST has developed a framework to provide voluntary guidance, based on existing standards, guidelines, and practices, for critical infrastructure organizations to better manage and reduce cybersecurity risk. The NIST Framework Core consists of five concurrent and continuous functions:
- Identify. Understand how to manage cybersecurity risks.
- Protect. Put safeguards in place to protect assets and deter threats.
- Detect. Monitor continuously.
- Respond. Devise an action plan to react promptly in case of a cyberattack.
- Recover. Maintain resilience and recover capabilities after a cyber-breach.
In addition to helping organizations manage and reduce risks, the framework was designed to foster communications about risk and cybersecurity management among both internal and external organizational stakeholders.
The Department of Homeland Security offers a wealth of resources to guide businesses to minimize cybersecurity risk, to promote information sharing, and to develop new and innovative solutions to cybersecurity problems.
For a list of cybersecurity resources, including tools and guides, please visit www.comparitech.com
