CYBERSECURITY FRAMEWORK: 6 Steps
Frank Feather
LinkedIn "TOP VOICE" | World-Leading Futurist | CEO of QAIMETA Inc | READY to SERVE YOU: Inspiring Keynotes, Future-Proof Quantum-AI-Metaverse Strategies, BoD Member / Advisor, C-Suite Advisor
#CYBERSECURITY #FRAMEWORK: 6 Steps
Potential impacts from cybersecurity #risks include higher costs, lower revenue, reputational damage, and the impairment of innovation. They also threaten individual privacy and access to essential services.
This recently released and updated #NIST framework bears repeating. It provides guidance to industry, government agencies, and other organizations — regardless of size, sector, or maturity — to reduce cybersecurity risks. It helps you understand, assess, prioritize, and communicate about those risks, and the actions that will reduce them, in 6 ways, as follows:
1: GOVERN: Establish and monitor your cybersecurity risk management strategy, expectations, and policy.
Governance is cross-cutting: its outcomes inform how you will achieve and prioritize the outcomes of the other 5 Functions (below) in the context of mission and stakeholder expectations. This is critical for incorporating cybersecurity into your broader enterprise risk management strategy. It directs an understanding of organizational context; the establishment of cybersecurity strategy and cybersecurity supply chain risk management; roles, responsibilities, and authorities; policies, processes, and procedures; and the oversight of cybersecurity strategy.
2: IDENTIFY: Help determine the current cybersecurity risk to the organization.
Understanding your assets (e.g., data, hardware, software, systems, facilities, services, people) and the related cybersecurity risks enables you to focus and prioritize your efforts consistent with your risk management strategy and mission. It includes the identification of improvements needed to policies, processes, procedures, and practices supporting cybersecurity risk management to inform efforts under all 6 steps.
3: PROTECT: Use safeguards to prevent or reduce cybersecurity risk.
Once assets and risks are identified and prioritized, you need to secure those assets to prevent or reduce the likelihood and impact of adverse events. This covers awareness and training, data security, identity management, authentication, access control, platform security (i.e., securing hardware, software, and services of physical and virtual platforms), and the resilience of technology infrastructure.
4: DETECT: Find and analyze possible cybersecurity attacks and compromises.
This enables timely discovery and analysis of anomalies, indicators of compromise, and other potentially adverse cybersecurity events that may indicate that attacks and incidents are occurring.
5: RESPOND: Take action regarding a detected cybersecurity incident.
This is the ability to contain the impact of incidents, including incident management, analysis, mitigation, reporting, and communication.
6: RECOVER: Restore assets and operations impacted by an incident.
This is the timely restoration of normal operations, enabling appropriate communication during recovery efforts.
PROFILES
You then need to establish 2 types of Profiles:
1: Current Profile: Core outcomes that you are currently achieving (or attempting to achieve) and how or to what extent each outcome is being achieved.
2: Target Profile: Desired outcomes that you selected and prioritized from the Core for achieving your cybersecurity management objectives. It takes into account anticipated changes to your cybersecurity posture, such as new requirements, new technology adoption, and cybersecurity threat intelligence trends.
Source: For full details, please see the full 52-page PDF, available free here: https://doi.org/10.6028/NIST.CSWP.29.ipd
Thanks for Reading my QAIMETA for BUSINESS LinkedIn Newsletter. It's FREE and has 7,500+ “subscribers” – including CxOs globally. Please join them! (Switch on Newsletter Notifications to be Notified when each issue is published.)
Independent Digital Non-Executive Director, C-Suite Executive, Serial Business Advisor for Growth-Phase Tech Companies, and Best Selling Author
1 year ago: A great share, Frank. With two out of five cyberattacks now indirect, organizations must look beyond their own four walls to their broader business ecosystems. They should become masters of cybersecurity execution by stopping more attacks, finding and fixing breaches faster and reducing breach impact. In this way, they can not only realize security innovation success but also achieve greater cyber resilience. Cybersecurity remains much talked about, yet underleveraged as a differentiating factor on the business side. With generative AI, there is a real opportunity to move ahead and designate the security of products, production process, and platforms as a strategic priority. The breadth of the challenge spans the entire supply chain and the whole product lifecycle and includes both the regulatory and the communication strategy. For CEOs Digital organizations, we believe cybersecurity should be at the top of the agenda until rigorous processes are in place, resilience is established, and mindsets are transformed.