The public agency that sets standards in the tech arena (NIST) has released a new version of its cybersecurity framework to the public. The NIST CSF is a fairly comprehensive framework that can be used as a guide or a starting point for any company that wishes to build a cyber program from the ground up. While few companies follow the model to a tee, it is a commonly known business benchmark and can be seen as an aspirational set of best practices for businesses to follow.
Why It Matters
The NIST CSF is influential, and strongly resembles the infosec programs in place at many large organizations. The reality for many smaller companies, though, is that they would probably be overwhelmed if they tried to implement a plan that follows the CSF to the letter. Those companies can think of it instead as a reference manual to what is possible in the field of cybersecurity, and a model to consult when making specific decisions. More importantly, however, such small companies would do well to choose a few discrete items – such as multifactor authentication and employee training – and incorporate those into their environment rather than try to build the ultimate mousetrap by following the CSF in full.