Tell somebody that you’re planning to make a plan, and you’ll get some snide looks. But tell somebody that you have a good plan in place, and it instills a sense of preparation and confidence.

Cybersecurity is a topic so broad that the NIST Framework addresses the concept of “Data Security” as just one of 22 important risk categories.

The NIST Framework lists “awareness and training” as a key component of network protection. But how do you go about it? 

As part of our continuing series on the NIST Framework, we completed our review of the “Identify” category last month.  

Starting last August, we began the current series of articles to provide our readers with a deep dive into the NIST Framework and its approach to Identify, Protect, Detect, Respond to and Recover from cybersecurity incidents.

Privacy considerations are rising in business significance, and not simply as a matter of data breach liability.

Placed within the Identify function of the NIST Cybersecurity Framework is a category called Risk Assessment.

Good governance should translate into your organization having high confidence that these four principles hold true.

This is the second in a recurring series that explores the cybersecurity principles and best practices found within the National Institute of Standards & Technology Cybersecurity Framework. You may recall from last month’s column that NIST organizes cybersecurity risk management into five high-level functions: Identify, Protect, Detect, Respond and Recover.

This is the first in a recurring series that explores the functions, categories and subcategories of the National Institute of Standards & Technology (NIST) cybersecurity framework.