The National Institute of Standards and Technology has issued a preliminary voluntary framework for improving critical security infrastructures in organizations. The guide builds on the President’s executive order on cybersecurity and is designed to be a complementary addition to established security systems, including password management software tools.
SC Magazine, an online publication for security professionals, cites the proposed framework as thus:
Released Tuesday, the framework (PDF) offers guidance that supports President Obama’s “Improving Critical Infrastructure Cybersecurity” executive order issued in February. NIST has encouraged organizations to implement the voluntary framework, which is designed to complement an enterprise’s existing security management program – not replace it.
The 47-page document aims to build off of existing standards, guidelines and best practices and “provides a common language and mechanism” for organizations to carry out four major steps: to describe their current security posture; describe their target cyber security state; identity and prioritize opportunities for risk management improvement; assess their progression toward their target posture; and foster communications among internal and external stakeholders,” the framework said.
An earlier draft of the framework was published late in August to help companies prepare for the contents of the current version. It is made up of three parts, namely: the core, the profile, and the implementation tiers. Its primary aim is to help companies realize the immediacy of cybersecurity threats, and accordingly come up with solutions that will minimize such risks.
As it is designed to work alongside existing security programs and protocols, organizations that will choose to adopt it will not have to worry about the cost of a complete system upheaval. They can easily implement it without making major changes to their system and investing in more devices.
The framework will also fortify the advantages offered by online password manager tools from trusted developers such as Access Smart, LLC. While such programs already provide companies with several benefits in terms of protecting their networks and data at the point-of-entry, the framework will strengthen their infrastructure. In addition, it will serve as an effective instrument through which they can educate their staff about improved data protection within the organization.
As a result, companies are assured of higher immunity against attacks from third-party sources that may compromise their processes, functions, and operations.
(Article Excerpt and Image from NIST Debuts Preliminary Framework For Securing Critical Infrastructure, SC Magazine, October 23, 2013)