Summary
In this chapter, we reviewed what a framework is and why it is important. Frameworks were developed to assist organizations in filling in the blanks of building a cybersecurity program. The NIST CSF is a framework that can be applied to your organization with little effort.
As cyber-attacks took hold during the early 2000s, we needed to rapidly increase our security posture. Cybersecurity frameworks were created to assist organizations in doing just that. Many may think that IT and cybersecurity are identical, but they are not. As we learned, cybersecurity has its own language and way of implementing solutions.
As we saw in the success stories, several organizations came from other frameworks and began to use the CSF because its flexibility allows for agility across multiple business functions.
In the next chapter, we will dive deeper into the CSF and review the framework core, tiers, and profiles. We will then look at how to evaluate and reduce risk.