The development of Community Profiles is a collaborative process that involves several stages. Initially, the planning stage focuses on identifying the community’s needs, determining the scope of the Profile, and selecting participants for the development process.
The development stage involves stakeholders working together to align their shared priorities with the community’s cybersecurity needs. This stage includes defining desired cybersecurity outcomes based on the CSF Core and engaging the broader community for feedback to ensure the Profile’s applicability and relevance. The development process emphasizes collaboration and consensus-building within the community, ensuring that the Profile reflects a comprehensive understanding of the community’s needs and challenges.
Key stakeholders in the development of Community Profiles typically include business leaders, security architects, IT professionals, and representatives from various organizations within the community. Their collective expertise and perspectives are essential for creating a Profile that is both practical and effective.
“We encourage both cybersecurity experts and operational experts to participate in the development of Community Profiles,” said Julie Snyder, Principal Cybersecurity & Privacy Engineer and member of the NIST NCCoE. “Having both operational and cybersecurity experts involved in the process helps communities identify which cybersecurity outcomes and activities are most critical to their operational priorities.”
According to Snyder, one of the earliest Community Profiles created was a collaboration between the U.S. Coast Guard and the NCCoE on how to protect the Maritime Transportation System. Oil and natural gas organizations play a significant role in the Maritime Transportation System and were some of the key players in this effort.
“As an example of cybersecurity risk management discussions that Community Profiles can facilitate, consider communication needs at an oil and gas company. There are times headquarters, which is on the mainland, needs to share urgent information with an offshore drilling or production platform. This means security activities that protect communications channels are very important and elevated in priority in their Community Profile,” said Snyder.