
The NIST Cybersecurity Framework: What SMBs Need to Know

The NIST Cybersecurity Framework was created to guide organizations through structured steps to protect their networks and data. Below we answer common questions about the framework and how Rocus CyberFusion™ helps organizations achieve these important and widely accepted recommendations for protection.

What is the NIST Cybersecurity Framework?

The National Institute of Standards and Technology (NIST) published the inaugural Cybersecurity Framework (CSF) in 2014 and released version 1.1 in April 2018. The NIST CSF is the federal government's attempt to establish comprehensive cybersecurity standards and outcomes for organizations regardless of industry, entity type, or size. The five functions of the framework are Identify, Protect, Detect, Respond, and Recover.

[Figure: the five CSF functions. Credit: N. Hanacek/NIST]

Why is the NIST Cybersecurity Framework important?

Cybersecurity is a complex concept that encompasses technology, risk management and mitigation, business processes and procedures, operations, and other functional areas. The interdisciplinary nature of cybersecurity can make it difficult for organizations to operationalize and put into effect a cybersecurity strategy. The NIST CSF provides a roadmap for organizations to begin planning and operationalizing cybersecurity controls that align with specific security outcomes.

How does the NIST CSF apply to small and medium businesses (SMBs)?

One weakness of the NIST CSF is that fully aligning an organization to all of its standards and outcomes can be incredibly time-consuming, expensive, and challenging, especially for SMBs that may already be resource-constrained or lack a risk management officer and an information security specialist on staff.

Recognizing these challenges, NIST published "Small Business Information Security: The Fundamentals" in November 2016 to pare down the original NIST CSF recommendations to the fundamental security standards and outcomes that all organizations should have in place to ensure a baseline level of cybersecurity preparedness. Rocus Networks recommends that all organizations begin by mapping their cybersecurity strategy to this SMB-focused framework (unless industry requirements specify alignment with compliance-based standards such as HIPAA or NYDFS). Once the fundamentals have been implemented, work can begin on aligning to the larger NIST CSF.

How does Rocus CyberFusion™ align with the Small Business Fundamentals?

The Rocus CyberFusion™ solution combines advanced security technologies, virtual CISO (Chief Information Security Officer) consulting services, 24x7 monitoring and response, and white-glove service for all clients. The CyberFusion™ combination of technology, consulting, and managed services fulfills all 20 fundamental outcomes.

(800) 349-0976 | [email protected] | rocusnetworks.com

Contact us to find out how Rocus CyberFusion™ can protect your business


[Figure: the five NIST CSF functions, Identify, Protect, Detect, Respond, and Recover. Source: NIST.gov]

NIST Small Business Information Security: The Fundamentals, and how Rocus CyberFusion™ delivers each one

The table maps each of the 20 NIST recommendations to the three CyberFusion™ delivery components: Security Technology Controls, Security & IT Consulting/VCISO, and 24x7 Managed Detection and Response. Each ✔ marks one component that delivers the outcome; the function column follows the numbering of the NIST Fundamentals.

| # | Function | NIST recommendation | CyberFusion™ coverage |
|---|---|---|---|
| 1.1 | Identify | Identify and control who has access to your business information | ✔ ✔ ✔ |
| 1.2 | Identify | Conduct background checks | ✔ |
| 1.3 | Identify | Require individual user accounts for each employee | ✔ ✔ |
| 1.4 | Identify | Create policies and procedures for information security | ✔ |
| 2.1 | Protect | Limit employee access to data and information | ✔ |
| 2.2 | Protect | Install surge protectors and uninterruptible power supplies (UPS) | ✔ |
| 2.3 | Protect | Patch your operating systems and applications | ✔ ✔ |
| 2.4 | Protect | Install and activate software and hardware firewalls on all networks | ✔ ✔ |
| 2.5 | Protect | Secure your wireless access point(s) and network(s) | ✔ ✔ |
| 2.6 | Protect | Set up web and email filters | ✔ |
| 2.7 | Protect | Use encryption for sensitive business information | ✔ ✔ |
| 2.8 | Protect | Dispose of old computers and media safely | ✔ |
| 2.9 | Protect | Train your employees | ✔ ✔ ✔ |
| 3.1 | Detect | Install and update anti-virus/spyware/malware programs | ✔ ✔ |
| 3.2 | Detect | Maintain and monitor logs | ✔ ✔ |
| 4.1 | Respond | Develop a plan for disasters and information security incidents | ✔ ✔ |
| 5.1 | Recover | Make full backups of important business data/information | ✔ ✔ |
| 5.2 | Recover | Make incremental backups of key business data/information | ✔ ✔ |
| 5.3 | Recover | Consider cyber insurance | ✔ |
| 5.4 | Recover | Make improvements to processes/procedures/technologies | ✔ ✔ ✔ |
