Page 54 - Cyber Warnings
What NIST's Cybersecurity Framework is and why it matters
Practical advice to help you build a solid InfoSec plan
Michelle Drolet, CEO, Towerwall
The risk of your business falling victim to cybercrime has never been higher. Despite a
seemingly endless parade of high-profile data breaches, ransomware attacks, and phishing
scams, many organizations still lack the necessary defenses to identify, prevent, or recover from
an attack. The trouble is that it has become increasingly easy for would-be attackers. Anyone
can hire a botnet or buy off-the-shelf malware, complete with technical support. New mobile
devices, along with the ever-expanding Internet of Things, offer a wide range of insecure access
points.
Although 61% of CEOs are concerned about cybersecurity, only 37% have a cyber incident
response plan in place, according to PwC research.
If you acknowledge the scale of the threat and want to act, you may wonder where to start. The
National Institute of Standards and Technology (NIST) has compiled a document called the
Cybersecurity Framework that’s just for you.
NIST’s Cybersecurity Framework Explained
The idea behind the Cybersecurity Framework is to encourage all kinds of organizations to pool
their knowledge and work together. Originally envisioned by the U.S. government as a voluntary
framework to keep critical infrastructure safe, these guidelines have since been adopted by a
very wide range of organizations, from retail chains and banks to small businesses. It’s
a comprehensive document that organizes best practices and security principles into a guide
that’s constantly evolving to help you stay one step ahead of the cybercriminals.
“The NIST Cybersecurity Framework should be the cornerstone of your cybersecurity strategy,”
says George Wrenn, CEO of CyberSaint. “It’s time to run cybersecurity as a business function
with clear objectives and measures based on the gold standard national framework.”
Common standards for collaboration
At the heart of the Cybersecurity Framework is the idea of creating a common language. It
should be easy for everyone to share their experiences, discuss new tactics, and sketch out
new strategies. To that end, the framework offers a holistic set of reference points that are
accessible enough for anyone to employ. Executives, IT departments, and InfoSec
professionals can work together towards a common security goal.
One of the great things about NIST’s framework is that you can use it to take the temperature of
your current cybersecurity efforts and immediately see if your strategy is healthy or if it needs
54 Cyber Warnings E-Magazine – July 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide