Modern threat actors target enterprises across all industries regardless of their type, size or geographic location. Comprehensive protection against cyberthreats requires enterprises to assess their information and technology (I&T) and digital assets through a broad lens and to develop their cyberposture as part of a comprehensive governance and management framework. With the proper enterprise governance program in place, the audit and assurance function can help inform risk-reward decisions and maximize enterprise value while addressing stakeholder needs.
The US National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (CSF) can help enterprises view cybersecurity as a critical component of all business functions. It can be applied to any enterprise that incurs cybersecurity risk, that is, any business, organization or entity that participates in or supports critical infrastructure. In today’s global economy, this applies to every organization.
To help you apply the NIST CSF within a comprehensive I&T governance and management framework, ISACA has developed the Governance Playbook: Integrating Frameworks to Tackle Cybersecurity white paper, which outlines steps for implementing these frameworks together to create value, accelerate innovation and catalyze business transformation. Improved risk management by enterprises globally could have a cumulative effect and reduce cyberrisk for all.
To learn more, download this complimentary white paper by visiting the Governance Playbook: Integrating Frameworks to Tackle Cybersecurity page of the ISACA website.