Home > Insights > Blogs > Cybersecurity Bits and Bytes > NIST and FAIR develop tool to merge cybersecurity risk standards

NIST and FAIR develop tool to merge cybersecurity risk standards

August 12, 2016

One key issue when developing a cybersecurity protocol for your business is ensuring compliance with industry standards to protect your business and adequately address cybersecurity risks. Fail to comply with the standard for your product, company, or industry, and you risk not just a breach of your company’s environment, but administrative fines or civil litigation and loss of customers or clients. 

Another concern for cybersecurity professionals is how to prioritize risks in their organizations. In an ideal world, all information would be encrypted and thoroughly protected with physical, technical, and administrative layers of security. In the real world, however, there are budgets to be considered. Organizations must prioritize where they deploy their limited security resources. But evaluating the risks posed by cybersecurity threats to different parts of systems can be difficult.

Two leading organizations, the National Institute of Standards and Technology (NIST) and Factor Analysis of Information Risk (FAIR) Institute have developed a tool that purports to simultaneously address both of these concerns. Their tool, introduced on August 11, 2016, is intended to help cybersecurity professionals effectively and economically meet NIST security standards and assist organizations in protecting the most critical organizational systems, infrastructure and data. 

The NIST portion of the tool is intended to ensure that the organization meets the NIST Cybersecurity Framework — a widely used set of guidelines for managing cybersecurity risks. The FAIR portion of the tool is intended to then ensure that the deployment of security measures is prioritized in financial terms. In other words, the tool helps organizations ensure the best security resources are deployed to protect the most sensitive and economically important resources. This combination greatly increases the effectiveness of any security deployment. And by helping organizations focus their security resources on the most important and critical assets, organizations will be better protected and consumers’ information will be more secure. 

For more information on the NIST-FAIR cybersecurity risk analysis, visit NIST’s Industry Resources page and look at the materials under “Guidance that Incorporates Framework” section, or start on Part 1 of the FAIR’s five-part series of blog posts on the topic.