This is the second in a recurring series that explores the cybersecurity principles and best practices found within the National Institute of Standards and Technology (NIST) Cybersecurity Framework. You may recall from last month’s column that NIST organizes cybersecurity risk management into five high-level functions: Identify, Protect, Detect, Respond and Recover.
Placed within the Identify function is a category labeled “business environment,” which refers to an organization’s ability to inform its cybersecurity roles, responsibilities, and risk management decisions with a solid understanding and prioritization of its corporate mission, objectives, stakeholders and business activities. In short, business-specific needs should drive every network security program.