Developing a CyberSecurity Plan

Every day an organization's systems are exposed to threats that could disrupt operations in a matter of seconds. Users who check personal email on a work computer, plug personal USB drives into the network, or connect personal devices to the office Wi-Fi only make the situation worse. These and other careless activities performed by users at the office increase the organization's chances of being exposed to a threat.

Cybersecurity incidents have been on the rise for the last few years. Some of the most notorious were the attack on Ukraine's power grid, the leak of personal information about DHS and FBI employees after an attack on the US Department of Justice, the Yahoo breach that is financially hurting the company's acquisition by Verizon, and the leak of emails from the Democratic National Committee that may have influenced the results of the 2016 US election.

These events tell us one thing: we are going to be attacked, and it is just a matter of when. That is why you need to assemble the best strategies to prevent an attack and protect your systems.

The NIST CyberSecurity Framework helps organizations improve their cyber resilience. The first layer of the framework, the Framework Core, consists of five (5) core functions: Identify, Protect, Detect, Respond and Recover. These functions serve as milestones on the path to initiating a CyberSecurity Plan. Using them, you will identify your current cybersecurity state, define a target state, identify the areas that need improvement, assess the progress of your plan and communicate the risk to the upper management of the organization.

The Framework Core consists of functions, categories and subcategories. I will only list the categories of each function; more details can be found on the NIST CyberSecurity Framework webpage, which provides informative references for each subcategory.

IDENTIFY Function Categories: Asset Management, Business Environment, Governance, Risk Assessment, and Risk Management Strategy.

PROTECT Function Categories: Access Control, Awareness and Training, Data Security, Information Protection Processes and Procedures, Maintenance, and Protective Technology.

DETECT Function Categories: Anomalies and Events, Security Continuous Monitoring, and Detection Processes.

RESPOND Function Categories: Response Planning, Communications, Analysis, Mitigation, and Improvements.

RECOVER Function Categories: Recovery Planning, Improvements, and Communications.

The second layer, the Implementation Tiers, describes the organization's posture in addressing the core functions; it ranges from Tier 1 (Partial) through Tier 2 (Risk Informed) and Tier 3 (Repeatable) up to Tier 4 (Adaptive). Moving to a higher tier is not required; it is encouraged when the organization's view of its cybersecurity risk has changed, or when the move would reduce cybersecurity risk and be cost effective for the organization.

The third layer, the Profiles, identifies the current state and the desired target state of the organization's cybersecurity activities.

The framework establishes seven (7) steps to implement or improve a CyberSecurity Plan:

  1. Prioritize and Scope
  2. Orient
  3. Create a current profile
  4. Conduct a risk assessment
  5. Create a target profile
  6. Determine, analyze and prioritize gaps
  7. Implement action plan
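Steps 3 through 7 are, at bottom, a comparison: for each category, where are we today (current profile), where do we want to be (target profile), and how badly does the gap matter (risk assessment)? The script below is an added example, not code from NIST or from the framework itself; it encodes profiles as a mapping from (function, category) to a tier number, weights each gap by a hypothetical 1 to 5 risk score, and orders the resulting action plan by priority. The sample profiles and risk scores are constructed for illustration and do not describe any real organization.

```python
from dataclasses import dataclass

# NIST CSF implementation tiers, encoded numerically for this script.
TIERS = {1: "Partial", 2: "Risk Informed", 3: "Repeatable", 4: "Adaptive"}


@dataclass(frozen=True)
class Gap:
    function: str
    category: str
    current: int
    target: int
    risk: int  # hypothetical 1 (low) .. 5 (high) score from the risk assessment (step 4)

    @property
    def size(self) -> int:
        return self.target - self.current

    @property
    def priority(self) -> int:
        # A larger tier gap on a higher-risk category is worked first.
        return self.size * self.risk


def _check_tier(label, key, tier):
    if tier not in TIERS:
        raise ValueError(f"{label} profile {key}: tier {tier!r} is not 1..4")


def gap_analysis(current, target, risk):
    """Step 6: compare the current profile (step 3) with the target profile (step 5),
    weight each gap by the category's assessed risk, and return gaps by priority."""
    gaps = []
    for key, tgt in target.items():
        cur = current.get(key, 1)  # a category never assessed is treated as Tier 1 (Partial)
        _check_tier("current", key, cur)
        _check_tier("target", key, tgt)
        if tgt <= cur:
            continue  # already at or above target: no action item
        fn, cat = key
        gaps.append(Gap(fn, cat, cur, tgt, risk.get(key, 3)))  # unscored risk defaults to medium
    return sorted(gaps, key=lambda g: (-g.priority, g.function, g.category))


def action_plan(gaps):
    """Step 7: one line per gap, in the order the gaps should be tackled."""
    return [
        f"{g.function}/{g.category}: Tier {g.current} ({TIERS[g.current]}) -> "
        f"Tier {g.target} ({TIERS[g.target]}), risk {g.risk}, priority {g.priority}"
        for g in gaps
    ]


# Constructed sample profiles (not from any real assessment). Keys are (function, category).
CURRENT_PROFILE = {
    ("Identify", "Asset Management"): 1,
    ("Protect", "Access Control"): 2,
    ("Protect", "Awareness and Training"): 2,
    ("Detect", "Security Continuous Monitoring"): 1,
    ("Respond", "Response Planning"): 2,
    ("Recover", "Recovery Planning"): 3,
}
TARGET_PROFILE = {
    ("Identify", "Asset Management"): 3,
    ("Protect", "Access Control"): 3,
    ("Protect", "Awareness and Training"): 2,  # already where we want it
    ("Detect", "Security Continuous Monitoring"): 3,
    ("Detect", "Anomalies and Events"): 2,  # never assessed, so it defaults to Tier 1
    ("Respond", "Response Planning"): 3,
    ("Recover", "Recovery Planning"): 3,
}
RISK_WEIGHTS = {
    ("Identify", "Asset Management"): 4,
    ("Protect", "Access Control"): 5,
    ("Detect", "Security Continuous Monitoring"): 4,
    ("Detect", "Anomalies and Events"): 3,
    ("Respond", "Response Planning"): 2,
}

if __name__ == "__main__":
    for line in action_plan(gap_analysis(CURRENT_PROFILE, TARGET_PROFILE, RISK_WEIGHTS)):
        print(line)
```

Two design choices are worth noting. A category present in the target profile but missing from the current one is scored as Tier 1 rather than silently skipped, because "we never looked" is itself a gap. And an out-of-range tier raises instead of being clamped, so a typo in a spreadsheet export cannot quietly inflate or erase an action item.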

There are many tools available to support the development of a cybersecurity plan. Please share your CyberSecurity Toolkit on our Facebook Page and start the conversation with our members on how to face the threat. #CSToolkit

Note: This article was initially written for the InfraGard Puerto Rico Chapter Newsletter.

Updated after the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.

If you can’t explain it simply to a six year old, you don’t know it well enough.

— Albert Einstein