Establishment and Prioritization of Organizational Priorities
Name:
Institution:
Establishment and Prioritization of Organizational Priorities
The sequential steps in this context assume an imperative role in the establishment or augmentation of a cybersecurity program. In doing so, the respective phases offer a platform for setting up organizational priorities. Foremost, the steps enable the organization to recognize its mission-based objectives as well as the company’s priorities. By prioritizing and scoping, the organization becomes capable of establishing strategic alternatives that actually facilitate high-level priorities (National Institute of Standards and Technology, 2014). Secondly, the institution of organizational priorities takes place via the recognition of possible security inefficiencies or threats. With orientation, the firm facilitates its main concerns by identifying its general risk approach as well as the vulnerabilities that may be present within the acknowledged assets and systems. Following this, the organization’s participation in the development of the Current Profile further facilitates its priorities. With this step, the firm is capable of marking the outcomes within the Framework Core that are attained (National Institute of Standards and Technology, 2014). Once this is completed, the organization is able to carry out a risk assessment of its operational context in order to evaluate the possible events and budding uncertainties that may affect it. Hence, with such information, the organization will establish its priorities by gaining a further understanding of the effects that different cyber-related events will impose on its security framework. Additionally, the establishment of organizational priorities will be achieved by accounting for exclusive organizational uncertainties as well as the needs and pressures that outside stakeholders may impose in relation to the development of the Target Profile (National Institute of Standards and Technology, 2014). Consequently, a comparison of the Target and Current Profile will reveal the gaps that eventually influence the development of a designated action plan (National Institute of Standards and Technology, 2014). This will enable the firm to establish its priorities since it will guide in decision-making related to issues such as risk management and cybersecurity activities. Lastly, the implementation of an action plan will support the institution of organizational priorities since it will involve the establishment of actions meant to gratify the gaps noted in the previous prioritization.
Reference
National Institute of Standards and Technology. (2014). Framework for improving critical infrastructure cybersecurity.