The National Institute of Standards and Technology (NIST) and the U.S. Department of Homeland Security provide resources to help organisations manage cybersecurity risks.
There are resources to help guide an organisation’s management of cybersecurity risks, most prominently from the National Institute of Standards and Technology (NIST) and the U.S. Department of Homeland Security.
NIST defines cybersecurity as “the activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorised use or modification, or exploitation.”
NIST has developed a framework to provide voluntary guidance, based on existing standards, guidelines, and practices, for critical infrastructure organisations to better manage and reduce cybersecurity risk. The NIST Framework Core (http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf) consists of five concurrent and continuous functions:
- Identify. Understand how to manage cybersecurity risks.
- Protect. Put safeguards in place to protect assets and deter threats.
- Detect. Monitor continuously.
- Respond. Devise an action plan to react promptly in case of a cyberattack.
- Recover. Maintain resilience and recover capabilities after a cyber-breach.
In addition to helping organisations manage and reduce risks, the framework was designed to foster communications about risk and cybersecurity management among both internal and external organisational stakeholders.
The Department of Homeland Security (http://www.dhs.gov/topic/cybersecurity) offers a wealth of resources to guide businesses to minimise cybersecurity risk, to promote information sharing, and to develop new and innovative solutions to cybersecurity problems.