The Obama administration has launched its Cyber-security Framework, released to help businesses take more precautions against hackers and other cyber-security threats.
The Commerce Department’s National Institute of Standards and Technology framed the guidelines, which explain the steps companies can take to both prevent and respond to cyber-attacks.
Obama signed the executive order following his State of the Union address last February. He also stated that it was a move to force Congress to pass wide-ranging cyber-security legislation, and that this will increase information sharing between the government and private companies and organizations.
A White House press release stated that “Over the past year, individuals and organizations throughout the country and across the globe have provided their thoughts on the kinds of standards, best practices, and guidelines that would meaningfully improve critical infrastructure cyber-security. The Department of Commerce’s National Institute of Standards and Technology (NIST) consolidated that input into the voluntary Cyber-security Framework that we are releasing today.”
There are three components in the Framework: 'The Framework Core', 'The Profiles', and 'The Tiers'. Organizations would use these components to determine where their own security practices are lacking.
The components are described below:
• The Framework Core - A collection of cyber-security activities and instructive recommendations that are common across critical infrastructure sectors. The activities are classified as: Identify, Protect, Detect, Respond, Recover. They are to provide “a high-level view of an organization’s management of cyber risks.”
• The Profiles - These will help companies align their cyber-security activities with business requirements, risk tolerances and resources. Firms can use the Profiles to better comprehend their existing cyber-security state, support prioritization, and measure progress toward meeting targets.
• The Tiers - These provide a means for companies to view their methods and processes for managing cyber-risk. The Tiers range from Partial (Tier 1) to Adaptive (Tier 4) and lay out a mounting degree of precision in risk management practices, “the extent to which cyber-security risk management is informed by business needs, and its integration into an organization’s overall risk management practices.”