Business Environment

There’s a category called “Business Environment” in the NIST cyber security framework. This category talks about “What is your organization's mission? What role do you serve in your industry? Are you considered critical infrastructure?” These are things that have to be connected to your risk management that you have put into place in your organization because you have to understand what your clients are expecting you to do. What are your responsibilities contractually? Are there resources out there for your industry in order to provide you help, because you are considered critical infrastructure? So, understanding your place in the world and your place in the supply chain can be very important to inform your cyber security practices and you need to know these things for your risk assessment, because being able to tap into what the government provides and what industry provides can be very helpful in helping you deal with and manage the risk that you face each and every day.  

Related Videos