What is NIST?
A definition of the NIST Cyber Security Framework
The NIST framework is designed with the intent that companies and other organizations use an assessment of the business risks they face to guide their use of the framework in a cost-effective way. The framework proposes using business drivers to guide cybersecurity activities and considers cybersecurity risks as part of the organization’s risk management processes. The framework comprises three main components: Framework Core, Framework Profile, and Framework Implementation Tiers.
The Framework Core is a set of cybersecurity activities, outcomes, and informative references which are common across critical infrastructure sectors. Security architects can use this detailed guidance to develop individual organizational Profiles that closely reflect the realities of their situation. By enabling them to set up these Profiles, the framework helps organizations align their cybersecurity activities with business requirements, risk tolerances, and resources.
The Tiers provide a mechanism for organizations to view and understand the characteristics of their approach to managing cybersecurity risks. They effectively tell organizations how their present cybersecurity risk management capabilities compare to the best practices featured in the framework. The four Tiers of maturity are:
Tier 1 (Partial): Risk management is ad hoc, with limited awareness of risks and no collaboration with other stakeholders.
Tier 2 (Risk Informed): There are risk management processes set up, but these are not consolidated enterprise-wide; collaboration is understood yet there are no formal capabilities.
Tier 3 (Repeatable): Formal policies for risk management processes are in place enterprise-wide, with external collaboration also present.
Tier 4 (Adaptive): Risk management processes are based on first-hand experience and well-embedded in the company’s culture, while collaboration is proactive.