The NIST of it

Following up on their release of three years ago, the NIST has produced an updated set of guidelines for protecting against cyberattacks. Titled “Cybersecurity Event Recovery” and “Framework for Improving Critical Infrastructure Cybersecurity v1.1”, these documents are intended to assist organizations in developing risk-based approaches.

Building on previous documents, these guidelines offer new and expanded details on topics like:

  • Cybersecurity Measurement – proposing methods by cybersecurity trends and outcomes can be tracked, to build a baseline against which performance can be measured
  • Supply Chain Risk Management – examining how cyber attacks can disrupt a supply chain, and establishing standards of security and responsiveness through the chain
  • Planning for Cyber Event Recovery – detailing key considerations and recommendations for recovery planning
  • Continuous Improvement – encouraging a constant cycle of investigation, training, and upgrading to ensure readiness against both existing and emerging threats