?? CYBERSECURITY FRAMEWORK

? Thanks for Reading my daily #LinkedIn #Newsletter. It's FREE and has 6,400+ “subscribers.” Please join them. (Note: Switch on #Newsletter #Notifications settings to be #Notified when each issue is published.)

?? #CYBERSECURITY #FRAMEWORK {#infographic}

??? Potential impacts from cybersecurity risks include higher #costs, lower #revenue, reputational #damage, and the impairment of #innovation. They also threaten individual #privacy and access to essential services.

??? This updated NIST framework (see link below) provides guidance to business, government, and other organizations — regardless of size, sector, or maturity — to reduce cybersecurity risks.

??? It helps you understand, assess, prioritize, and communicate about those risks, and the actions that will reduce them, in 6 ways, as follows:

?? 6-STEP FRAMEWORK

??? 1. GOVERN: Establish and monitor your cybersecurity risk management #strategy, expectations, and policy.

??? Governance is cross-cutting and provides outcomes on how you will achieve and prioritize the outcomes of the other 5 Functions (next, below) in the context of mission and stakeholder expectations.

??? This is critical for incorporating cybersecurity into your broader enterprise risk management strategy. It directs an understanding of organizational context, the establishment of cybersecurity strategy, cybersecurity supply chain risk management. roles, responsibilities, authorities, policies, processes, procedures, and strategic oversight.

??? 2. IDENTIFY: Determine the current cybersecurity risk to the organization.

??? Understanding your #assets (e.g., data, hardware, software, systems, facilities, services, people) and the related cybersecurity risks enables you to focus and prioritize your efforts consistent with your risk management strategy and mission.

??? It includes the identification of improvements needed to policies, processes, procedures, and practices supporting cybersecurity risk management to inform efforts under all 6 steps.

??? 3. PROTECT: Use safeguards to prevent or reduce cybersecurity risk.

??? This covers awareness and training, data security, identity management, authentication, access control, platform security (i.e., securing hardware, software, and services of physical and virtual platforms), and the resilience of technology infrastructure.

??? 4. DETECT: Find and analyze possible attacks and compromises.

??? This enables timely discovery and analysis of anomalies, indicators of compromise, and other potentially adverse events that may indicate that attacks and incidents are occurring.

??? 5. RESPOND: Take action regarding a detected cyber incident.

??? This is the ability to contain the impact of incidents, including incident management, analysis, mitigation, reporting, and communication.

??? 6. RECOVER: Restore assets and operations impacted by an incident.

??? This is the timely restoration of normal operations and enable appropriate communication during recovery efforts.

?? PROFILES

??? You then need to establish 2 types of Profiles:

??? 1. Current Profile: Core outcomes that you are currently achieving (or attempting to achieve) and how or to what extent each outcome is being achieved.

??? 2. Target Profile: Desired outcomes that you selected and prioritized from the Core for achieving your cybersecurity management objectives. It takes into account anticipated changes to your cybersecurity posture, such as new requirements, new technology adoption, and cyber threat intelligence trends.

(Source: For full details, please see the full 52-page PDF, available free here: https://doi.org/10.6028/NIST.CSWP.29.ipd)