Description
As discussed in the segment titled Cyber Programs and Roles, in today’s tech environment it is critical that organizations be pro-active and prepared when considering cyber risk management. Because of the size, complexity, and constant evolution of attack vectors there is no one-size-fits-all way to respond. it is essential to begin somewhere to establish a baseline for identifying the critical components that must be incorporated into any cybersecurity risk management approach.
Multiple risk management frameworks have been introduced including:
- NIST: National Institute of Standards and Technology (NIST) established by executive order in February 2013.
- ISO/IEC Security Control Standard: developed by the International Organization for Standardization and the International Electrotechnical Commission
- FFIEC Cybersecurity Assessment – developed for Financial institutions by the Federal Financial Institutions Examination Council
- SEC/OCIE Cybersecurity Initiative – developed for brokers by the U.S. Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations
- FCC Cyber Security Planning Guide – developed by the Federal Communications Commission for small businesses
- Although their organization and structures vary, all frameworks attempt to address the same basic functions designed by the NIST Cybersecurity Framework:
- Identify
- Protect
- Detect
- Respond
- Recover
In this course we evaluate several attributes critical to the proper establishment of a cyber risk management program. We delve into the concepts and apply thoughts as to how each component should be evaluated for your organization. The course utilizes the NIST framework as a guide for application.
Training for all programs related to cyber security by this trainer are utilizing the framework of the National Institute of Standards and Technology (NIST) as a model. This information is freely available in the public domain. For more detailed information on the framework please refer to NIST.org.
