NIST Cybersecurity Framework
The NIST Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks
Overview of the Framework
- The Framework Core is a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors.
- Framework Implementation Tiers (“Tiers”) provide context on how an organization views cybersecurity risk and the processes in place to manage that risk.
- A Framework Profile (“Profile”) represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories.
The NIST Security
- Following the NIST framework will lead to the creation of a “System Security Plan” that law firms can use to operationalize their IT security strategy.
- Roughly one-half of law firms were subjected to a cybersecurity audit last year, according to a presentation from the Association of Legal Administrators.
- Firms can leverage these insights to identify potential weaknesses in their systems and determine where budget is best allocated to mitigate the most risk.
- The NIST Cybersecurity Framework is a wise foundation for any law firm’s approach to information security.
The Benefits of the NIST Cybersecurity
- A set of standards, methodologies, procedures, and processes that align policy, business, and technical approaches to address cyber risks;
- A prioritized, flexible, repeatable, performance-based, and cost-effective approach to help owners and operators of critical infrastructure:
- Identify, assess, and manage cyber risk;
- Identify areas for improvement to be addressed through future collaboration with particular sectors and standards-developing organizations;
- Be consistent with voluntary international standards.