What is the role of NIST standards in cybersecurity?
NIST standards are used in cybersecurity to assess risk and to come up with strategies to control that risk. To assess a risk, we have to look at its probability and then at its magnitude for the information, systems and networks in our company or business. We have to assure the stakeholders that this risk can be controlled.
How can we mitigate risks using NIST standards in cybersecurity?
We can do it in several ways: we can transfer the risk, we can mitigate the risk, we can eliminate the risk, or we can decide not to do anything about the risk.
For example, take a laptop that holds important information. We can get a lock for the laptop, which would be a physical control used to reduce the risk. We can get an insurance policy, which can mitigate the risk for the damage caused by stolen information on the laptop. Another option is not even buying a laptop because we have enough desktops in the workplace, based on a risk/benefit analysis that weighs having a laptop against having a laptop and getting it stolen.