Freed Maxick RAS Team
Using the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework as an Assessment Tool
When it comes to protecting your company or organization’s digital ecosystem and resources in 2021, the news is not encouraging. Consider, for example, that:
- Cybercrime is up 600% due to the COVID-19 pandemic. (PurpleSec)
- Remote work has increased the average cost of a data breach by $137,000. (IBM)
- More than half a million Zoom user accounts were compromised and sold on the dark web. (CPO Magazine)
- 95% of cybersecurity breaches are a result of human error. (Cyberint)
- Only 16% of executives say their organizations are well prepared to deal with cyber risk. (McKinsey & Company)
On the other hand, with the proper cybersecurity safeguards, training, investments, and continuous monitoring, organizations are fighting back. Today, an aggressive cyber defense strategy, with the policies and infrastructure to support it, is a necessary part of business.
Basing Your Cyber Defense on the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework
At Freed Maxick, we use the NIST Cybersecurity Framework to assess our clients’ cybersecurity programs. The NIST Framework consists of a Framework Core, Profiles, and Implementation Tiers.
The Core has five key components (identify, protect, detect, respond, and recover), reviewed below. Each of the elements in the Core represents an opportunity for assessment, discussion, planning and, if necessary, remediation.
Overview of the NIST Cybersecurity Framework – The Core
| Framework Core | Objective | Associated categories |
| --- | --- | --- |
| Identify | Secure a comprehensive understanding of your organization’s risk environment and risk management assets – both available and needed. | Asset Management; Business Environment; Governance; Risk Assessment; Risk Management Strategy |
| Protect | Develop and implement critical infrastructure to limit or contain the impact of a potential cybersecurity event. | Identity Management and Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; Protective Technology |
| Detect | Development and implementation of activities for recognizing when a cybersecurity event occurs. | Anomalies and Events; Security Continuous Monitoring; Detection Processes |
| Respond | Development and implementation of a response plan including identification of appropriate actions for responding to a detected cybersecurity incident. | Response Planning; Communications; Analysis; Mitigation; Improvements |
| Recover | Development and implementation of plans for restoring any capabilities or services that were impaired due to a cybersecurity event. | Recovery Planning; Improvements; Communications |
Download a Complimentary NIST Cybersecurity Assessment Tool
The Freed Maxick Cybersecurity Team is happy to offer a complimentary cybersecurity assessment tool based on the NIST Framework, to help C-Suiters and senior managers understand their situation and set the stage for a dialogue with their IT team, risk managers and cybersecurity consultants.
Simply click on the image below, or for a confidential, no cost or obligation discussion of your situation, call Sam DeLucia at 585.360.1405, today.