4.1: Cyber Risk Management
Provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security
measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk.
Other Information:
(b) The Cybersecurity Framework shall provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach,
including information security measures and controls, to help owners and operators of critical infrastructure identify, assess,
and manage cyber risk. The Cybersecurity Framework shall focus on identifying cross-sector security standards and guidelines
applicable to critical infrastructure. The Cybersecurity Framework will also identify areas for improvement that should be
addressed through future collaboration with particular sectors and standards-developing organizations. To enable technical
innovation and account for organizational differences, the Cybersecurity Framework will provide guidance that is technology
neutral and that enables critical infrastructure sectors to benefit from a competitive market for products and services that
meet the standards, methodologies, procedures, and processes developed to address cyber risks. The Cybersecurity Framework
shall include guidance for measuring the performance of an entity in implementing the Cybersecurity Framework.
Indicator(s):
|
