NIST, the National Institute of Standards and Technology, created and released their Cybersecurity Framework in 2014. A collaborative process from industry, academia and government agencies through NIST has now released a draft of the Baldrige Cybersecurity Excellence Builder, which is a self-assessment tool that organizations can follow to understand their risk management efforts when it comes to cybersecurity.
Using the Builder, organizations of all sizes and types can:
- determine cybersecurity-related activities that are important to business strategy and the delivery of critical services;
- prioritize investments in managing cybersecurity risk;
- assess the effectiveness and efficiency in using cybersecurity standards, guidelines and practices;
- assess their cybersecurity results; and
- identify priorities for improvement.
The Baldrige Cybersecurity Excellence Builder is a PDF available from nist.gov. The draft walks you through leadership, strategy, customers, measurement, analysis, and knowledge management, workforce, and operations processes. A rubric is provided to allow you to evaluate your responses and determine the maturity level as reactive, early, mature, or role model across process and results factors. A glossary is also included to define the terms used throughout the document.
Check it out to get a feeling for areas where your organization is striving or areas to work on. Then provide feedback to firstname.lastname@example.org in order to make the Builder better for everyone.