Which cybersecurity-related activities are most important to your business strategy and critical service delivery? How do you assess the effectiveness and efficiency of your use of cybersecurity standards, guidelines, and practices? To answer these questions and build excellence in your cybersecurity risk management system, consider a self-assessment with a new tool called the Baldrige Cybersecurity Excellence Builder.
Organizations of all types are becoming more vulnerable to cyber threats due to their increasing dependence on computers, networks, programs and applications, social media, and data. Security breaches can negatively impact organizations and their workforce, customers, and other stakeholders, with both financial and reputational damage potentially lasting many years. Balancing the conflicting demands of connectivity and accessibility with security, reliability, and confidentiality means that risk management and measuring the effectiveness of cybersecurity practices is critical.
And the situation is only going to get worse as the Internet of Things is becoming more critical for business owners to understand--and act on--than ever before. "The Internet of Things is the encapsulation of the next-generation technologies that will touch nearly all facets of our day-to-day lives," says Chester Kennedy, CEO of the International Consortium for Advanced Manufacturing Research. "The arrival of the sensor era is happening at a frenetic pace."1
The Baldrige Cybersecurity Excellence Builder tool enables organizations to better understand and improve the effectiveness of their cybersecurity risk management efforts in light of these new vulnerabilities. This voluntary self-assessment tool is based on the detailed Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework), managed by the National Institute of Standards and Technology (NIST) Information Technology Laboratory, Applied Cybersecurity Division, and the Baldrige Excellence Framework, developed by the Baldrige Performance Excellence Program.
What makes the Builder different from various other self-assessment tools? By combining concepts in the Cybersecurity Framework and the Baldrige Framework, the Builder
The Builder includes an Organizational Context section and six interrelated process categories and a results category:
By challenging yourself with the questions that make up the Builder, you explore how you are accomplishing what is important to your organization’s cybersecurity risk management system. Use the Builder to achieve the following:
To learn more
If you use the Builder, we invite you to submit lessons learned and comments at www.nist.gov/baldrige/products-services/baldrige-cybersecurity-initiative. This is the first in a series of blogs on the Baldrige Cybersecurity Excellence Builder. Future blogs will focus on using the tool to improve your cybersecurity policies and operations in the areas of leadership, strategy, customers, measurement, workforce, operations, and results.