Uses and Benefits of the Cybersecurity Framework July

Uses and Benefits of the Cybersecurity Framework July 2018 [email protected]

Uses of the Cybersecurity Framework The Framework is designed to complement existing business and cybersecurity operations, and can be used to: Understand security status Establish / Improve a cybersecurity program Communicate cybersecurity requirements with stakeholders Identify opportunities for new or revised standards Assists in prioritizing improvement activities Enables investment decisions to address gaps 3

Who should use the Framework? The Cybersecurity Framework is for organizations of all Size Sector Maturity It’s not just for critical infrastructure! 4

Common Patterns of Use The Cybersecurity Framework has helped organizations: Integrate the functions into your leadership vocabulary and management tool sets. Determine optimal risk management using Implementation Tiers. Reflect on business environment, governance, and risk management strategies. Develop Profiles and Roadmaps to prioritize improvement activities

Supporting Risk Management with Framework 6

Why Use the Cybersecurity Framework? It’s a framework, not a prescriptive standard Common Language Adaptable Collaboration Opportunities Ability to Demonstrate Due Care Easily Maintain Compliance Secure Supply Chain Cost Efficiency Compliance Secure 7

Resources Where to Learn More and Stay Current For guidance on implementing the Framework see the Resources page: www.nist.gov/cyberframework/fram ework-resources-0 Framework Success Stories highlight real world implementation: [email protected] 8