NIST Cybersecurity Framework Assessment: How Safe and Prepared is Your Company from Cyberattacks?

By Freed Maxick RAS Team on October 5, 2021

NIST Cybersecurity Framework Assessment

Using the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework as an Assessment Tool

When it comes to protecting your company or organization’s digital ecosystem and resources in 2021, the news is not encouraging. Consider, for example, that:

  • Cybercrime is up 600% due to the COVID-19 pandemic (PurpleSec)
  • Remote work has increased the average cost of a data breach by $137,000. (IBM)
  • More than half a million Zoom user accounts were compromised and sold on the dark web. (CPO Magazine)
  • 95% of cybersecurity breaches are a result of human error (Cyberint)
  • Only 16% of executives say their organizations are well prepared to deal with cyber risk. (McKinsey & Company)

On the other hand, with the proper cybersecurity safeguards, training, investments, and continuous monitoring, organizations are fighting back. Today, an aggressive cyber defense strategy, together with the policies and infrastructure to support it, is a necessary part of doing business.

Basing Your Cyber Defense on the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework

At Freed Maxick, we use the NIST Cybersecurity Framework to assess our clients’ cybersecurity programs. The NIST Framework consists of a Framework Core, Profiles, and Implementation Tiers.

The Core has five key functions – Identify, Protect, Detect, Respond, and Recover – reviewed below. Each element in the Core represents an opportunity for assessment, discussion, planning and, if necessary, remediation.

Overview of the NIST Cybersecurity Framework – The Core

Identify
  Objective: Secure a comprehensive understanding of your organization’s risk environment and risk management assets – both those available and those still needed.
  Associated categories: Asset Management; Business Environment; Governance; Risk Assessment; Risk Management Strategy

Protect
  Objective: Develop and implement safeguards for critical infrastructure to limit or contain the impact of a potential cybersecurity event.
  Associated categories: Identity Management and Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; Protective Technology

Detect
  Objective: Develop and implement activities for recognizing when a cybersecurity event occurs.
  Associated categories: Anomalies and Events; Security Continuous Monitoring; Detection Processes

Respond
  Objective: Develop and implement a response plan, including identification of the appropriate actions for responding to a detected cybersecurity incident.
  Associated categories: Response Planning; Communications; Analysis; Mitigation; Improvements

Recover
  Objective: Develop and implement plans for restoring any capabilities or services that were impaired by a cybersecurity event.
  Associated categories: Recovery Planning; Improvements; Communications

Download a Complimentary NIST Cybersecurity Assessment Tool

The Freed Maxick Cybersecurity Team is happy to offer a complimentary cybersecurity assessment tool based on the NIST Framework, to help C-Suiters and senior managers understand their situation and set the stage for a dialogue with their IT team, risk managers and cybersecurity consultants.

Simply click on the image below, or for a confidential, no cost or obligation discussion of your situation, call Sam DeLucia at 585.360.1405, today.
