The National Institute of Standards and Technology (NIST) released an updated version 2.0 of the Cybersecurity Framework (CSF) on February 26, 2024. This framework is an important cybersecurity guideline for organizations to effectively manage and respond to cyber threats.
The NIST Cybersecurity Framework 2.0 provides step-by-step practices that are easy to understand and encompass everything from risk assessment and prioritization of risks impacting organizational operations to planning for potential cyber threat incidents. This framework helps organizations respond appropriately to threats and summarize critical information for decision-making by management and personnel involved in maintaining cybersecurity within the organization.
Cyber threats have become increasingly diverse, affecting both the information systems and the business operations of organizations. Cyber risk management is therefore essential for all types of organizations, not just critical infrastructure agencies. The NIST Cybersecurity Framework 2.0, established by NIST, is a framework for managing cyber risks. It aims to protect organizations from cyber threats and to ensure compliance with cybersecurity regulations in alignment with regulatory bodies.

The NIST Cybersecurity Framework (CSF) was first published in 2014 with the objective of helping organizations understand and reduce cybersecurity risks and communicate about cybersecurity. Version 2.0 improves the framework and adds detail to make it more comprehensive and up to date. CSF 2.0 consists of six core functions: Identify, Protect, Detect, Respond, Recover, and Govern, with Govern being the new function added in CSF 2.0. Working together, these functions provide a comprehensive view of the cycle for managing cybersecurity risks.
- Govern: Governance of risk management, performing oversight duties for risk management, setting acceptable risk levels, clearly defining roles and responsibilities, and consistently enforcing policies to promote accountability and drive continuous improvement in managing cybersecurity risks.
- Identify: Identifying risks of various devices, prioritizing assets within the organization based on their importance, and having a process for managing information assets.
- Protect: Implementing security measures to safeguard the organization's operational systems or data, such as defining access rights and using system protection technologies.
- Detect: Establishing processes to detect abnormal situations in the organization's networks and information systems. Having an effective detection process helps organizations identify cyber threats quickly, leading to timely responses and problem resolution.
- Respond: Defining guidelines and steps for dealing with cybersecurity incidents (Incident Response Plan), responding quickly and effectively to those incidents to reduce risks and potential impacts.
- Recover: Recovering from cybersecurity incidents by following a pre-established, step-by-step recovery plan and ensuring the completeness of backup data used for recovery.
In Thailand, the NIST Cybersecurity Framework (CSF) has been adopted as a guideline for the operations of public and private agencies whose foundational work systems are based on information technology. This was established in the Cybersecurity Act B.E. 2562 as a standard that helps improve security for organizations, whether small or large. Adhering to the NIST CSF guidelines will ensure that the organization's systems, information and networks are secure, as the practices cover everything from assessment, preparedness and monitoring to responding to cyber problems or disasters that may arise.
About SGS
SGS is the world’s leading Testing, Inspection and Certification company. We operate a network of over 2,500 laboratories and business facilities across 115 countries, supported by a team of 99,500 dedicated professionals. With over 145 years of service excellence, we combine the precision and accuracy that define Swiss companies to help organizations achieve the highest standards of quality, compliance and sustainability.
Our brand promise – when you need to be sure – underscores our commitment to trust, integrity and reliability, enabling businesses to thrive with confidence. We proudly deliver our expert services through the SGS name and trusted specialized brands, including Brightsight, Bluesign, Maine Pointe and Nutrasource.
SGS is publicly traded on the SIX Swiss Exchange under the ticker symbol SGSN (ISIN CH1256740924, Reuters SGSN.S, Bloomberg SGSN:SW).
238 TRR Tower, 19th-21st Floor, Naradhiwas Rajanagarindra Road,
Chong Nonsi, Yannawa, 10120,
Bangkok, Thailand



