1 vote
Under the NIST Cybersecurity Framework, __________________ of the Risk Management Process indicates organizational cybersecurity risk management practices are not formalized, and risk is managed in an ad hoc and sometimes reactive manner.

by User Dafmetal (7.5k points)

1 Answer

1 vote

Final answer:

The 'Partial' level of the NIST Cybersecurity Framework's Risk Management Process describes a state where an organization's cybersecurity measures are ad hoc and not formalized, showing a lack of systematic long-term evaluations.

Step-by-step explanation:

Under the NIST Cybersecurity Framework, the term to describe the state in which organizational cybersecurity risk management practices are not formalized, and risk is managed in an ad hoc and sometimes reactive manner, is Partial. This category of the Risk Management Process indicates that there may be some cybersecurity measures in place, but they lack a cohesive and coordinated approach. Not having the appropriate systems to conduct long-term follow-up evaluations implies that the organization does not engage in consistent, repeatable risk management activities and typically operates on a moment-to-moment basis when dealing with threats. The key to improvement is to develop and formalize policies, procedures, and strategies that integrate cybersecurity throughout the organizational processes.

by User Furier (8.4k points)