Cybersecurity

NIST Framework

WHY NIST? The Cybersecurity Framework from the National Institute of Standards and Technology (NIST, founded in 1901) is the industry gold standard for improving critical infrastructure cybersecurity. YOU deserve the best.

This framework enables your organization to apply the principles and best practices of risk management to improve security and resilience.

Overarching goal – Reduce and better manage cybersecurity risks, improving YOUR security posture and resilience.

Framework Core

Framework Functions

A set of cybersecurity activities, desired outcomes, and references common across critical infrastructure sectors.

Standards, guidelines, & practices: This process is repeated continuously in order to keep learning and improving.
Identify: What processes and assets need protection?
Protect: Implement appropriate safeguards.
Detect: Identify the occurrence of cybersecurity incidents.
Respond: Contain the impact of cybersecurity threats.
Recover: Restore and build resiliency.
Identify

What processes and assets need protection?

The focus is on the business and how it relates to cybersecurity risk. This is the time to review all resources at hand. It lays the groundwork for the cybersecurity-related actions that clients will take moving forward. Review: what is currently in the environment, the risks associated with those environments, and how they relate to the business's goals.

This allows us to understand all assets and environments, define the current and desired states of the controls that protect those assets, and build a plan to move from the current to the desired state of cybersecurity.

How we use the NIST Framework

Prioritize, Scope, and Orient
Define objectives and priorities to make strategic decisions regarding implementations and identify related systems and assets.
Create a Current Profile
Indicate which Category and Subcategory outcomes from the framework are being achieved.
Conduct a Risk Assessment
Analyze the operational environment in order to discern likelihood and impact of cybersecurity events.
Create a Target Profile
Assess the organization’s desired outcomes.
Compare the Current Profile and Target Profile to create a prioritized action plan.
Implement Action Plan
Determine which actions to take and repeat continuously as needed in order to improve the quality of risk assessment.