Date Published: September 2016
Email Questions to:
Withdrawn: April 02, 2017
The Baldrige Cybersecurity Excellence Builder (BCEB) is a voluntary self-assessment tool that enables organizations to better understand the effectiveness of their cybersecurity risk management efforts. It helps leaders of organizations identify opportunities for improvement based on their cybersecurity needs and objectives, as well as their larger organizational needs, objectives, and outcomes. Using this self-assessment, you can:
- determine cybersecurity-related activities that are important to your business strategy and critical service delivery;
- prioritize your investments in managing cybersecurity risk;
- determine how best to enable your workforce, customers, suppliers, partners, and collaborators to be risk conscious and security aware, and to fulfill their cybersecurity roles and responsibilities;
- assess the effectiveness and efficiency of your use of cybersecurity standards, guidelines, and practices;
- assess the cybersecurity results you achieve; and
- identify priorities for improvement.
Like the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) and the Baldrige Excellence Framework, the BCEB is not a one-size-fits-all approach. It is adaptable and scalable to your organization's needs, goals, capabilities, and environment. It does not prescribe how you should structure your organization's cybersecurity policies and operations. Through interrelated sets of open-ended questions, it encourages you to use the approaches that best fit your organization.
Specifically, feedback is sought on:
- the relative value of different parts of the BCEB for assessing your cybersecurity risk management efforts,
- perceived gaps in the BCEB, and
- the user-friendliness of the BCEB.
Feedback on this draft will be incorporated into the version 1 release, scheduled for early 2017.
Keywords Cybersecurity Framework; risk management; risk assessment; Baldrige Excellence Management Program; self-assessment.
Security Assessment and Authorization;