All
All

Framework for Improving Critical Infrastructure Cybersecurity

845 KB | 3 files | null PDF

The Framework enables organizations to apply the principles and best practices of risk management to improving the security and resilience of critical infrastructure.

IT Download image

The national and economic security of the United States depends on the reliable functioning of critical infrastructure. Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems, placing the Nation’s security, economy, and public safety and health at risk. Similar to financial and reputational risk, cybersecurity risk affects a company’s bottom line. It can drive up costs and impact revenue. It can harm an organization’s ability to innovate and to gain and maintain customers.

To better address these risks, the President issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” on February 12, 2013, which established that “[i]t is the Policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties.” In enacting this policy, the Executive Order calls for the development of a voluntary risk-based Cybersecurity Framework – a set of industry standards and best practices to help organizations manage cybersecurity risks. The resulting Framework, created through collaboration between government and the private sector, uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on businesses.

The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. The Framework consists of three parts: the Framework Core, the Framework Profile, and the Framework Implementation Tiers. The Framework Core is a set of cybersecurity activities, outcomes, and informative references that are common across critical infrastructure sectors, providing the detailed guidance for developing individual organizational Profiles. Through use of the Profiles, the Framework will help the organization align its cybersecurity activities with its business requirements, risk tolerances, and resources. The Tiers provide a mechanism for organizations to view and understand the characteristics of their approach to managing cybersecurity risk.

The attached zip file includes:

  • Intro Page.pdf
  • Terms and Conditions.pdf
  • CriticalInfrastructureCybersecurity.pdf
IT Downloads help you save time and money while executing essential IT management tasks. Download this useful resource now and put it to work for your business.
Related IT Downloads

Compliance2 Building a GRC Program: Assessing Stakeholder Needs and Readiness

This table outlines the top needs of each stakeholder group that can help guide your conversations on priorities and needs for the GRC program. ...  More >>

Security95 Guide to Cyber Threat Information Sharing

This publication provides guidelines for establishing and participating in cyber threat information sharing relationships. ...  More >>

email9 Trustworthy Email

This document provides recommendations and guidelines for enhancing trust in email, including transmission and content security recommendations. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.