Pub. 4 2014-2015 Issue 3

10 O V E R A C E N T U R Y : B U I L D I N G B E T T E R B A N K S - H E L P I N G C O L O R A D A N S R E A L I Z E D R E A M S FEATURE ARTICLE CRAIG SCHURR CISA, CISSP, CCNP CONETRIX “There are three layers of the Framework: Framework Core, Framework Profile and Framework Implementation Tiers.” Cybersecurity Framework O n February 12, 2013, President Obama issued the “Improving Critical Infra - structure Cybersecurity” executive order (Executive Order 13636 1 ). A year later, the National Institute of Standards and Technology (NIST) released the “Framework for Improving Critical Infrastructure Cybersecuri- ty 2 ,” a cybersecurity framework designed to pro - vide businesses and organizations with a set of standards and best practices to effectivelymanage cybersecurity related risks. There are three layers of the Framework: Framework Core, Framework Profile and Framework Implementation Tiers. The Framework Core consists of a set of security guidelines and references that are common across all critical infrastructure sectors (Government, Information and Tele- communications, Energy, Financial, etc.). The Core is based on five functions (Iden - tify, Protect, Detect, Respond and Recover) that form a cybersecurity risk management lifecycle. These functions are further broken down into categories and subcategories that contain direct references to best practice standards. The Framework Core comple- 1 Executive Order 13636—Improving Critical Infrastructure Cybersecurity - http://www.gpo.gov/fdsys/pkg/ FR-2013-02-19/pdf/2013-03915.pdf 2 Framework for Improving Critical Infrastructure Cybersecurity - http://www.nist.gov/cyberframework/upload/ cybersecurity-framework-021214-final.pdf