NIST Issues Updated Cyber Guides Focused On Assessments and Communication

### #CyberAssessmentGuidelines #NISTUpdates #OrganizationalSecurity

Summary: The National Institute of Standards and Technology (NIST) has released two new volumes to enhance organizations’ cybersecurity protocols, focusing on both technical assessments and leadership integration. These updates aim to provide comprehensive guidance on measuring and improving cybersecurity effectiveness tailored to organizational needs.

Key Points:

  • Volume 1 addresses technical issues in cybersecurity measurement, comparing qualitative assessments to classical data analysis.
  • Volume 2 emphasizes the importance of upper-level management support in translating qualitative findings into actionable results.
  • Updates include expanded sections on quantitative measurement and a broader audience focus beyond federal agencies.
  • Both volumes are designed to complement existing NIST publications on network and information security.

The National Institute of Standards and Technology issued two new updates to its existing literature on gauging the efficacy of organizations’ cybersecurity protocols, addressing both the selection and maintenance of a proper cybersecurity program depending on organizational needs. 

Released on Wednesday, the new guidance is split into two volumes looking at different stages of implementing an effective cybersecurity program. Volume 1 is focused on technical issues in information security measurement and assessment, weighing the pros and cons of qualitative assessments versus classical data analysis approaches.

That volume also introduces types of assessments that internet security analysts can use to apply these approaches, clarifying what insight into an organization’s network security each assessment offers.

Volume 2 is focused on bringing leadership into the qualitative findings of the network security assessments outlined in Volume 1 and translating those findings into results. Notably, NIST advocates for “strong upper-level management support that is integrated into the culture of the organization” as the foundation for organizations looking to bring results-oriented measures to their cybersecurity posture analyses.

“Major changes to the publication since its previous version include expanded sections on how to measure and analyze cybersecurity results quantitatively, as well as broadening the publication’s intended audience from federal agencies to all organizations concerned with cybersecurity,” the press release said.

Both volumes are intended to complement other NIST publications related to network and information security.

Source: https://www.nextgov.com/cybersecurity/2024/12/nist-issues-updated-cyber-guides-focused-assessments-and-communication/401410
