New document offers updated guidance to companies looking to protect themselves.
In 2014, the National Institute of Standards and Technology (NIST) created the “Cybersecurity Framework,” a manual to help companies keep intruders out of their computer systems that manage critical infrastructure and/or intellectual property.
In 2013, President Obama issued an executive order, Improving Critical Infrastructure Cybersecurity, and called for the development of a Cybersecurity Framework. Purely voluntary, the non-industry-specific document was to provide a “prioritized, flexible, repeatable, performance-based and cost-effective approach” to manage cybersecurity risk for those processes, information and systems directly involved in the delivery of critical infrastructure services. The framework, developed in collaboration with industry, provides guidance to an organization managing cybersecurity risk.