The National Institute of Standards and Technology (NIST) has released a draft of a self-assessment cybersecurity tool for enterprise users.
NIST Shows Its Draft for a Project Cybersecurity Tool
The National Institute of Standards and Technology (NIST) has released a draft of a new self-assessment tool geared towards enterprise users. It is designed to help them rate their security risk management initiatives. The announcement was made during the Internet Security Alliance. The tool is named the Baldrige Cybersecurity Excellence Builder, and it uses the risk management mechanisms developed in the institution’s framework. It aims to help organizations around the world guide their operations, improve their performance and achieve sustainable results.
According to media reports, the tool was built in response to demands from various organizations and companies for a way to assess their effectiveness when implementing the cybersecurity framework.
The tool can be used by companies and security personnel to:
- Identify cybersecurity-related activities that are critical to business strategy and the delivery of critical services
- Prioritize investments in managing cybersecurity risk
- Assess the effectiveness and efficiency in using cybersecurity standards, guidelines and practices
- Evaluate their cybersecurity results
- Identify priorities for improvement
The tool and the framework can be adapted to meet the specific needs of every organization. The assessment process allows users to determine their cybersecurity maturity level according to the predefined levels.
A complete evaluation can lead to the creation of an action plan for upgrading existing cybersecurity practices and implementing the defined improvements. In addition, it can be used to monitor and measure the progress and effectiveness of the process. The institute recommends that all organizations use its tool to periodically check their systems to maintain the highest level of cybersecurity threat readiness. NIST has also laid out the benefits and reasons to use the utility for the following groups of users: board and executive management staff, chief information officers (CIO), chief information security officers (CISO), IT process management staff, risk management experts, legal staff and regular employees.
NIST has issued a draft version of the utility and is actively monitoring the received feedback before publishing the final version. According to recent reports produced by Gartner, 30% of all US organizations used the framework in 2015. The expectation is that this percentage will grow to 50% by 2020.
For more information, you can access the draft here.