From Framework to Application: Protect with BitSight

Ben Fagan | September 15, 2015 | tag: Regulation & Compliance

This is the third post in a series exploring how Security Ratings can address key components of the NIST cybersecurity guidelines. You can read the first post here and the second post here.

The NIST Cybersecurity Framework outlines five Framework Functions that organizations can use to better protect themselves against cyber threats. The second of these Framework Functions is Protect, which NIST describes as, “Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.” The Protect Framework Function is a focused on preventative measures to mitigate the potential of a major security event, such as a breach. Within this Framework Function, NIST further defines categories, subcategories and references from other widely adopted standards, such as COBIT (Control Objectives for Information and Related Technology) and ISO/IEC guidelines.

The NIST standards clearly place importance on the need for formalized risk management processes and communication of security posture throughout the enterprise. To address these challenges, many businesses have adopted BitSight Security Ratings for Benchmarking in order to effectively communicate performance to stakeholders and identify area of improvement. Below BitSight has provided a breakdown of how its product complements the NIST Identify Framework.

In the next post in From Framework to Application, we will discover how continuous monitoring with BitSight can help companies address the next Framework Function of the NIST Guidelines: Detect.


Suggested Posts

Top 3 Most Common Cybersecurity Models Explained

Security risk managers often face a lot of the same roadblocks, even if they’re managing programs of different sizes or in different industries. Basing security practices on well-known, and sometimes government-regulated cybersecurity...


7 Cybersecurity Frameworks That Help Reduce Cyber Risk

While security ratings are a great way to demonstrate that you’re paying attention to the cyber health of the organization you also need to show that you’re adhering to industry and regulatory best practices for IT security and making...


FFIEC IT Handbook Updates: Business Continuity Is 2020 Focus

In November 2019, the Federal Financial Institutions Examination Council (FFIEC) released an update to the Information Technology Examination Handbook (IT Handbook). This handbook is a guide for examiners at its member agencies, which...


Subscribe to get security news and updates in your inbox.