What is Critical infrastructure?

Critical infrastructure is defined as systems and assets, whether physical or virtual, so vital to the United States (the definition can be applied to any country) that the incapacity or destruction of such systems and assets would have a debilitating impact on cybersecurity, national economic security, national public health or safety, or any combination of those matters.

The critical infrastructure community includes public and private owners and operators, and other supporting entities that play a role in securing the Nation’s infrastructure. Each sector performs critical functions that are supported by information technology (IT), industrial control systems (ICS) and, in many cases, both IT and ICS. To manage cybersecurity risks, a clear understanding of the security challenges and considerations specific to IT and ICS is required.

(Source: NIST)

What is the framework all about?

The Framework provides a common language for expressing, understanding, and managing cybersecurity risk, both internally and externally. The Framework can be used to help identify and prioritize actions for reducing cybersecurity risk and is a tool for aligning policy, business, and technological approaches to managing that risk. Different types of entities — including sectors, organizations, and associations — can use the Framework for different means, including the creation of common Profiles.

How is this relevant to your organization?

If you have critical infrastructure, this is definitely for you.

Every other organization can use the document (in its spirit) to associate the core framework with its existing security framework. The document provides an easy framework to Identify, Protect, Detect, Respond and Recover for any core infrastructure.

What is there for the security professional/CISO/ISMS Managers?

The use of multiple standards (ISO 27001, NIST SP 800-53, COBIT, ISA 99.02.01) shows the depth of the document.

Use the document to enhance your security posture. Use the Core framework and references for benchmarking existing security resilience. It is a worthwhile effort.

Download and read the document here – http://www.nist.gov/itl/cybersecurity-102213.cfm

Author : Probal C