NIST Should Develop Tool for Individual Analysis of Cybersecurity Framework Use, ISA CEO Says
The National Institute of Standards and Technology should morph work on how to effectively measure use of the Cybersecurity Framework into development of “an analytical tool that will enable individual entities to assess their unique threats on a monetized basis,”…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Internet Security Alliance CEO Larry Clinton blogged. NIST has been working with stakeholders on a proposed v1.1 update including metric language aimed at starting a conversation (see 1701100084). Stakeholders urged the agency to be cautious (see 1704110045 and 1705160072). NIST should develop a tool to help entities “assess which elements of the [framework] will be most cost-effective in addressing them” rather than identify “which elements of the [framework] are cost-effective in general,” Clinton said Wednesday: Use of the framework “is effective, but exactly what elements” are effective “and the degree of effectiveness likely changes from organization to organization based a number of variables such as size, sector, culture and business plan."