CREATe.org Releases Insights from Advisory Council Focused on Operationalizing the NIST Cybersecurity Framework

“Our goal with this report is to help identify common approaches companies can take to systematically and cost-effectively apply the Framework internally and among third parties to improve cybersecurity.”

As part of an initiative focused on sharing best practices for cybersecurity, the Center for Responsible Enterprise And Trade (CREATe.org) today launched a report focused on ways companies can operationalize the Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST), with a goal of accelerating adoption internally and with third parties.

The report – Broadening Adoption of the NIST Cybersecurity Framework: Learnings from the CREATe Cybersecurity Advisory Council about the Key Ways to Help Companies Operationalize Leading Practices for Cybersecurity – features insights from senior cybersecurity, legal, compliance, risk and supply chain experts from corporations and universities around the globe. It addresses how companies are using the Framework today, guidance and tools that would accelerate broader adoption of it, and ways to help companies utilize the Framework internally and with third party partners.

“High-profile data breaches, cyber-attacks and loss of confidential information are putting cybersecurity at the top of corporate agendas,” stated Pamela Passman, President and CEO of CREATe.org. “Our goal with this report is to help identify common approaches companies can take to systematically and cost-effectively apply the Framework internally and among third parties to improve cybersecurity.”

The use of the Framework has expanded since its inception in 2014, with a 2016 report by the information technology research firm Gartner, stating that the Framework was used to some extent by 30 percent of U.S. organizations, and it is expected to rise to 50 percent by 2020.

However, for many companies, a key challenge lies in operationalizing the Framework – that is, using the results of the Framework’s risk assessment to directly improve their cybersecurity program.

The CREATe.org report focuses on four interrelated areas identified and addressed by the Advisory Council:


  • Defining assessment scope: Determining the boundaries when assessing a cybersecurity program is an ongoing…

Read the full article from the Source…

Leave a Reply

Your email address will not be published. Required fields are marked *