The National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) takes a pragmatic approach to managing digital security risk and is designed to improve cyber security resilience. The framework provides a methodology for identifying risk exposure, compliance obligations and security controls across people, processes and technology to uplift and maintain security capability.
At its core, the framework provides guidance on security controls that references industry standards and practices, along with constructs for planning and implementing cyber security programs (i.e. a roadmap): ascertaining the existing security profile, assessing the existing risk profile, setting a target risk profile commensurate with acceptable risk constraints, and planning and prioritising security uplift. It further outlines methods for assessing the maturity of security practices in the organisation.