Willie May, acting director of the National Institute of Standards and Technology, has urged business leaders at the “Board Agenda: CYBER” conference to adopt the agency’s cybersecurity framework to manage cyber risks.
May said in prepared remarks published Friday on NIST’s website that the voluntary framework, which the agency developed in partnership with the private sector, provides best practices and basic guidelines on cyber risk management.
“The Framework provides a common language for understanding, managing, and expressing cybersecurity risk both internally and externally,” he said.
He noted that the framework focuses more on helping organizations identify risks, detect and respond to threats, protect IT systems and recover from attacks than on preventing cyber attacks.
May indicated that CA Technologies, IBM, RSA and other companies across a variety of sectors, as well as agencies such as the departments of Commerce and Homeland Security, have already adopted or incorporated the framework.
“[Your] leadership is critical to ensuring that your companies spend the time and resources necessary to manage this risk, just like you manage financial and legal risks,” he told the audience.
“Know that there are systematic proven best practices for addressing cyber risk and insist that your companies use them.”