The recent draft of the National Institute of Standards and Technology (NIST) Cybersecurity Framework, issued by the government in October, clearly recommends that every level within an organization be fully involved in cybersecurity. A final version of the voluntary Cybersecurity Framework is currently scheduled for release in February 2014.
- Identify — Create an institutional understanding of the motivating factors behind an attack and define a risk strategy.
- Protect — Develop strong implementation safeguards to prevent interruptions to mission-critical infrastructure services.
- Detect — Comprehensive threat identification and analysis.
- Respond — Upon threat detection, formulate a comprehensive response plan with prioritized actions to limit the damage.
- Recover — According to the document, this should "Develop and implement the appropriate activities, prioritized through the organization's risk management process, to restore the capabilities or critical infrastructure services that were impaired through a cybersecurity event."
November 14, 2013