A seven-month internal pilot test of a public and private-developed set of voluntary best practices and standards showed benefits in better understanding cyber security risks and technology solutions, Intel Corp. [INTC] said in a new white paper released to coincide with the one-year anniversary of the publishing of the Cybersecurity Framework.
“Our early experience with the Framework has helped us harmonize our risk management technologies and language, improve our visibility into Intel’s risk landscape, inform risk tolerance discussions across our company, and enhance our ability to set security priorities, develop budgets, and deploy security solutions,” Intel said in the paper, The Cybersecurity Framework in Action: An Intel Use Case.
Intel said the use case is helping it adopt the framework as a “process and risk management tool” rather than as a set of compliance requirements, adding that it will use the tools to expand the company’s broader application of the year-old framework.
The Obama administration rolled out the Cybersecurity Framework last February after a year-long process managed by the National Institute of Standards and Technology, which worked in partnership with the owners and operators of the nation’s critical infrastructures and others on the voluntary guidelines (Defense Daily, Feb. 12, 2014). The framework is meant to be a living document and be flexible and adaptable for use by any size business and allow organizations to better communicate internally regarding their cyber security postures.
There is a “clear benefit” to adopting the framework, Intel said, adding that it has tremendous potential for enterprises.
Intel said that its “pilot project has verified that the Framework can provide value to even the largest organizations and has the potential to transform cybersecurity on a global scale by accelerating cybersecurity best practices along the compute continuum.”
Still, the company said it is only at the beginning of realizing how best to adapt the framework to its needs but believes it will give it more visibility into its risk landscape, how to better set security priorities and identify potential solutions, harmonize risk management methodologies and technologies, and better inform its discussions around risk tolerance.
Discussions about risk tolerance turned out to be “one of the most important and valuable benefits” from the pilot because determining risk levels helps prioritize risk management activities, Intel said.