Learn how to simplify NIST Cybersecurity Framework (CSF) adoption and gain the cyber resilience benefits of a standards-based approach
Author: Scott Schlimmer, National Intelligence Award Recipient, CISSP
The risk of cyber-attack for all kinds of organizations and businesses has soared in recent years. Malware has spread like wildfire, botnets and cybercrime software tools are easily obtained, and phishing scams have grown increasingly sophisticated. In 2014, more than 2.8 million data records were breached every single day, according to the Breach Level Index.
It’s no coincidence that 2014 also saw the publication of a document called the Cybersecurity Framework, created by the National Institute of Standards and Technology (NIST). The NIST CSF was designed to bring together the brightest minds in cybersecurity and develop a common language and a practical set of best practices to combat the rising tide of cybercrime.
Adoption of this new gold-standard framework reached 30% within two years, according to Gartner, and it is expected to rise to 50% by 2020. The NIST CSF is a great way to assess your security credentials, identify your risks, and establish effective strategies to tighten security, both internally and across the wider community. The framework has over 900 controls, and it can be a challenge to implement without a methodology and platform to support both the initial rollout and the ongoing management reporting.
There is little doubt that the NIST CSF is effective, but it is also a complex framework that needs to be tailored to meet an organization’s risk reduction goals. When Dimensional Research surveyed 300 IT and security professionals in the U.S., it found that 64% of respondents using the NIST CSF reported using only some of the recommended controls rather than all of them. And 83% of organizations planning to implement the framework in the coming year reported an intention to adopt some, rather than all, of the CSF controls. Selective adoption can yield results if done properly, and it can be a great starting point for organizations with limited resources, but for those who want a truly holistic program, partial compliance won't be enough.
What’s required is a way to reduce the complexity and make the NIST CSF just a little more digestible for your organization. Below are some key concepts that can both simplify and accelerate your NIST CSF program...