CYBERSECURITY FRAMEWORK: 6 Steps


Potential impacts from cybersecurity #risks include higher costs, lower revenue, reputational damage, and the impairment of innovation. They also threaten individual privacy and access to essential services.

This recently released and updated #NIST framework bears repeating. It provides guidance to industry, government agencies, and other organizations — regardless of size, sector, or maturity — to reduce cybersecurity risks. It helps you understand, assess, prioritize, and communicate about those risks, and the actions that will reduce them, in 6 ways, as follows:

1: GOVERN: Establish and monitor your cybersecurity risk management strategy, expectations, and policy.

Governance is cross-cutting and provides outcomes that inform how you will achieve and prioritize the outcomes of the other 5 Functions (below) in the context of mission and stakeholder expectations. This is critical for incorporating cybersecurity into your broader enterprise risk management strategy. It directs an understanding of organizational context; the establishment of cybersecurity strategy and cybersecurity supply chain risk management; roles, responsibilities, and authorities; policies, processes, and procedures; and the oversight of cybersecurity strategy.

2: IDENTIFY: Help determine the current cybersecurity risk to the organization.

Understanding your assets (e.g., data, hardware, software, systems, facilities, services, people) and the related cybersecurity risks enables you to focus and prioritize your efforts consistent with your risk management strategy and mission. It includes the identification of improvements needed to policies, processes, procedures, and practices supporting cybersecurity risk management to inform efforts under all 6 steps.

3: PROTECT: Use safeguards to prevent or reduce cybersecurity risk.

Once assets and risks are identified and prioritized, you need to secure those assets to prevent or reduce the likelihood and impact of adverse events. This covers awareness and training, data security, identity management, authentication, access control, platform security (i.e., securing hardware, software, and services of physical and virtual platforms), and the resilience of technology infrastructure.

4: DETECT: Find and analyze possible cybersecurity attacks and compromises.

This enables timely discovery and analysis of anomalies, indicators of compromise, and other potentially adverse cybersecurity events that may indicate that attacks and incidents are occurring.

5: RESPOND: Take action regarding a detected cybersecurity incident.

This is the ability to contain the impact of incidents, including incident management, analysis, mitigation, reporting, and communication.

6: RECOVER: Restore assets and operations impacted by an incident.

This supports the timely restoration of normal operations and enables appropriate communication during recovery efforts.


PROFILES

You then need to establish 2 types of Profiles:

1: Current Profile: Core outcomes that you are currently achieving (or attempting to achieve) and how or to what extent each outcome is being achieved.

2: Target Profile: Desired outcomes that you selected and prioritized from the Core for achieving your cybersecurity management objectives. It takes into account anticipated changes to your cybersecurity posture, such as new requirements, new technology adoption, and cybersecurity threat intelligence trends.


Source: For full details, please see the full 52-page PDF, available free here: https://doi.org/10.6028/NIST.CSWP.29.ipd



Geoff Hudson-Searle

Independent Digital Non-Executive Director, C-Suite Executive, Serial Business Advisor for Growth-Phase Tech Companies, and Best Selling Author

1 year ago

A great share Frank. With two out of five cyberattacks now indirect, organizations must look beyond their own four walls to their broader business ecosystems. They should become masters of cybersecurity execution by stopping more attacks, finding and fixing breaches faster and reducing breach impact. In this way, they can not only realize security innovation success but also achieve greater cyber resilience. Cybersecurity remains much talked about, yet underleveraged as a differentiating factor on the business side. With generative AI, there is a real opportunity to move ahead and designate the security of products, production process, and platforms as a strategic priority. The breadth of the challenge spans the entire supply chain and the whole product lifecycle and includes both the regulatory and the communication strategy. For CEOs Digital organizations, we believe cybersecurity should be at the top of the agenda until rigorous processes are in place, resilience is established, and mindsets are transformed.
