I think I have heard this question a dozen times over the past month. Enough times to write about it and explain what value the NIST Cybersecurity Framework brings to the security of the whole Nation.
As usual in life, there is not one way to implement a solution but many (i.e. "A thousand roads lead men forever to Rome"). That is also true for security frameworks. There is no shortage of frameworks, and most of them are industry specific. So, how does the NIST Cybersecurity Framework fit in? It is not intended to compete with any of the existing frameworks. Rather, it is intended to help at a macro security level, addressing risks due to gaps that exist when organizations using different frameworks interact with each other (B2B). It provides organizations with mappings between some of the major frameworks (see Appendix A). It allows companies to establish a framework profile and tiers that can be used to evaluate the security maturity of an organization in two dimensions. One being the categories and subcategories - what is missing, what are we already doing?