The Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”) was issued on February 12, 2014. This voluntary framework – based on existing standards, guidelines, and practices – provides a prioritized, flexible, repeatable, performance-based, and cost-effective approach to managing cybersecurity risk at all levels in an organization and is applicable to organizations of all sizes and sectors. The Framework was developed in a year-long, collaborative process in which NIST served as a convener for industry, academia, and government stakeholders. This collaboration continues under the direction of the Cybersecurity Enhancement Act of 2014, as NIST works with stakeholders from across the country and around the world.
The Framework provides a common language for understanding, managing, and expressing cybersecurity risk both internally and externally. It can be used to help identify and prioritize actions for reducing cybersecurity risk, and it is a tool for aligning policy, business, and technological approaches to managing that risk.
This webcast will provide the audience with a brief history of how the framework was developed, supply an understanding of each of the three primary Framework components (The Core, Implementation Tiers, and Framework Profiles), demonstrate how the Framework can be used by organizations, and introduce the Framework Roadmap and Industry Resources. The audience will have an opportunity to ask questions during a Q&A session at the end of the presentation.