Best practice
Increased protection
Do the authorities recommend additional cybersecurity protections beyond what is mandated by law?
The NIST Cybersecurity Framework provides voluntary cybersecurity standards for protecting private sector computer networks owned or operated by critical infrastructure entities. NIST issued the first version of the Cybersecurity Framework in February 2014, and released an updated version in mid-2018.
The Framework is divided into three parts: Framework Core, Implementation Tiers and Framework Profile. The Framework Core is designed to identify key cybersecurity activities common across all critical infrastructure networks. These are activities that companies should address when creating programs to protect critical computer systems and that identify best practices for communicating risks throughout an organisation. Specifically, the Framework Core consists of five functions designed to provide company decision-makers with a strategic view of cybersecurity risk management: identify, protect, detect, respond and recover.
For each function, the Framework identifies existing technical standards from NIST and other standards bodies to serve as…
