Developing a Cybersecurity Framework
Setnor Byer Insurance & Risk
Business Insurance Needs, cyber security, Cyber Liability Insurance
In February 2013, President Obama issued Executive Order 13636 on Improving Critical Infrastructure Cybersecurity. This Order calls for the development of a framework of industry standards and best practices to help organizations manage increasing cybersecurity risks. On February 12, 2014, the National Institute of Standards and Technology (NIST) responded to the President’s order with its Cybersecurity Framework.
The Cybersecurity Framework, which was created in collaboration with the private sector, focuses on using business drivers to guide cybersecurity activities. It is a risk-based approach that uses common language to address and manage cybersecurity risks in a business-specific, cost effective way. This voluntary framework is made up of three parts, each of which reinforces the connection between business drivers and cybersecurity activities.
The Framework Core provides a set of activities designed to achieve specific cybersecurity outcomes. The core is made up of five broad functions that help organizations express their management of cybersecurity risks.
Identify: Develop organizational understanding to manage cybersecurity risks to systems, assets, data and capabilities.
Protect: Develop and implement appropriate safeguards to ensure delivery of critical infrastructure services.
Detect: Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
Respond: Develop and implement appropriate activities to respond to a cybersecurity event.
Recover: Develop and implement appropriate activities to maintain operations and restore capabilities or services impaired by a cybersecurity event.
For the full article please visit: http://setnorbyer.com/riskbriefs/post/Developing-a-Cybersecurity-Framework.aspx
Business Insurance Needs
, Cyber Liability Insurance
, cyber security