Is Cybersecurity Preparedness On Your List Of New Year’s Resolutions?
Monday, January 23, 2017
cybersecurity key, NIST,

Related Practices & Jurisdictions
Print Mail Download i

If not, it should be. If it is, you should be aware that the National Institute of Standards and Technology (NIST), a non-regulatory agency of the United States Department of Commerce, recently issued a draft update to its Framework for Improving Critical Infrastructure Cybersecurity (Framework). The original Framework was released in February 2014, and the NIST summarizes it as follows:

The Framework enables organizations – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to improving the security and resilience of critical infrastructure. The Framework provides organization and structure to today’s multiple approaches to cybersecurity by assembling standards, guidelines, and practices that are working effectively in industry today. Moreover, because it references globally recognized standards for cybersecurity, the Framework can also be used by organizations located outside the United States and can serve as a model for international cooperation on strengthening critical infrastructure cybersecurity.

In addition, on January 4, 2017, NIST released An Introduction to Privacy Engineering and Risk Management in Federal Systems. Although it addresses the information systems framework of Federal Systems, the publication provides relevant guidance for other organizations that would like to more concretely embed privacy principles into their systems. Introducing the privacy engineering objectives of predictability, manageability, and disassociability, NIST sets forth a foundation for systems engineers to demonstrate how an organization implements its privacy policies and systems privacy requirements in its systems. According to NIST, this latest report “hardens the way we treat privacy, moving us one step closer to making privacy more science than art.”

In sum, the NIST Cybersecurity Framework is an important arrow to have in your organization’s quiver of cybersecurity risk management weapons. The updated framework supplements the original and further develops NIST’s voluntary guidance to organizations working to reduce cybersecurity risks, including management of cyber supply chain risks, clarifying key terms, and introducing measurement methods for cybersecurity.

©2024 MICHAEL BEST & FRIEDRICH LLP

Current Legal Analysis

More from Michael Best & Friedrich LLP

Wisconsin Supreme Court Clarifies the Rights of Guarantors in Foreclosure Actions
by: Victor J. Allen , Ann Ustad Smith
DOJ Guidance Regarding No-Poaching Agreements
by: Michael H. Altman , Eric H. Rumbaugh
New Form I-9 Required Starting September 18, 2017
by: Kelly M. Fortier , José A. Olivieri
Federal Circuit Rejects PTAB’s Articulation of Obviousness Rationale, Disregard for Evidence, and Burden Shifting
by: Melanie J. Reichenberger
After Years of Waiting, Yours or Your Competitor’s Patent Application May Quickly issue in Brazil. Are you ready?
by: Lisa L. Mueller
New EEO-1 Form Submission Stayed Indefinitely: Employers to File Prior EEO-1 Form in March 2018
by: Elizabeth N. Larson , Farrah N.W. Rifelj
Understanding Bolar and Bolar-Like Exceptions in the U.S. and Abroad – Part 2 – Canada
by: Lisa L. Mueller
Seventh Circuit Finds ERISA Plan’s Venue Selection Provision Enforceable
by: Paulette M. Mara
Federal Circuit Clarifies Boundaries of Discovery During Litigation Under the BPCIA
by: Andrew T. Dufresne
DOL Fiduciary Rule – Another Extension on the Horizon!
by: Carrie E. Byrnes , Jorge M. Leon

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins