One Article Review

Home - The article:
Source AlienVault Blog
Identifier 1073279
Publication date 2019-03-19 13:00:00 (viewed: 2019-03-20 21:01:12)
Title The NIST cybersecurity framework (CSF) and what it can do for you
Text The NIST Cybersecurity Framework (CSF) has only been around for four years and, while developed for critical infrastructure as a result of Executive Order 13636, it has been widely adopted across both private and public sectors and across organizational sizes. It is used inside the US government, with 20 states using it (at last count). In addition, international organizations such as the Italian government, as well as private sector organizations including technology and education, are using the framework.

Why is this? If there's one overarching theme of the NIST CSF when it comes to implementation, it's that there's no one-size-fits-all solution. Your risk profile, regulatory requirements, and financial and time constraints are unique, and the NIST CSF allows each organization to take these factors into account when implementing it. Moreover, implementation is not an all-or-nothing proposition. Without the restrictions of a formal compliance regulation to hold you back, you are free to implement the NIST framework in whatever way best fits your business needs. Once you establish your unique current profile and target profile, you can use the gaps between them as a tool to help prioritize improvement actions, based upon your budget and resources.

The NIST CSF allows you to establish or build upon your foundation by identifying what needs to be protected, implementing safeguards, and detecting, responding to, and recovering from events and incidents. In the simplest terms, the NIST CSF defines outcomes based upon your unique threats and risks, as well as how you manage risks within your organization:

Know what you have and what you are facing
The NIST CSF calls on organizations to identify their data and the devices that store, transmit, and process information. This means you must have an inventory of the data, the devices, the applications, and the underlying infrastructure that process and store that data. Now that you know what data you have, you can identify threats and vulnerabilities in the environment. This allows you to focus on protecting the 'riskiest' assets, or what is most valuable to your organization.

Put protection measures in place
Once you know what you need to protect, put measures in place to safeguard that data. The days of "We have a firewall. Our data is protected" are long gone. A layered approach to security is imperative: protect the connectivity layer, the application layer, and the device itself.

Monitor, monitor, monitor
Circumstances are always changing, even in the most mature security programs. That is why you must continually monitor the environment to detect events and potential incidents. Not only must you monitor, but you must also keep improving your monitoring strategy and the technologies you use. Detection must be efficient and effective; your organization falls into one of two buckets: you have been breached and you know it, or you have been breached and you don't know it. Continually optimize and tune the technologies and processes you have in place. You cannot respond to what you can't detect.

Have a plan
As we all know, it's not if you get breached, it's when. Having a formal, tested response plan that is known by the organization, its stakeholders, and responders is crucial.
Sent Yes
Tags Tool


The article does not seem to have been picked up after its publication.


The article does not seem to have been taken from a previous one.