Priya Patel
TLDR:
– The NIST released the updated Cybersecurity Framework (CSF 2.0) in February, including a new Govern function and target profiles.
– Dave Bailey, VP of Consulting Services at Clearwater Security, emphasizes the importance of top-down support in managing healthcare-related cyber risks.
Utilizing CSF to Manage Cyber Risks
In February, the National Institute of Standards and Technology (NIST) released its updated Cybersecurity Framework (CSF 2.0), which included a newly added Govern function and target profiles to help companies better evaluate and improve their cybersecurity strategies. Dave Bailey, VP of Consulting Services at Clearwater Security, highlights the need for top-down support in managing healthcare-related cyber risks and how the new NIST Cybersecurity Framework can enhance cybersecurity in healthcare and MedTech organizations.
The Govern function in the NIST CSF 2.0 is designed to help healthcare organizations better understand their cybersecurity risks by emphasizing the need for leadership to play an active role in cybersecurity. Leadership sets the tone in an organization on the importance of cybersecurity and has the power to allocate resources for cybersecurity investments. This is critical to continuously assess risk and implement appropriate controls to safeguard data.
A target profile under NIST CSF 2.0 represents the priority and desired future state of an organization’s security program. Alignment of security strategy to the organization’s strategic plan is crucial for overall mission success. Platform security and technology infrastructure resilience are key areas for healthcare organizations to focus on to enhance cybersecurity and address cyber risks effectively.
As the healthcare industry continues to be a prime target for cybercriminals, the NIST CSF 2.0 provides critical categories and sub-categories to help organizations understand their security posture, manage cybersecurity risks, and demonstrate alignment with strategic initiatives for mission success. By implementing the framework, healthcare organizations can achieve cyber resiliency and protect asset confidentiality, integrity, and availability.
