Last year, the National Institute of Standards and Technology (NIST) updated its cybersecurity framework, an industry-best outline for how to improve the security and resilience of your IT infrastructure. It’s a complex document, so we put together this quick list of key takeaways.
1. The framework is designed to help you:
- Describe your current cybersecurity posture
- Identify your target state for cybersecurity
- Prioritize opportunities for improvement
- Assess progress toward your target state
- Communicate risks to internal and external stakeholders
2. This map will show you the cycle of cybersecurity decisions in regard to risk management and framework implementation.
3. How can you implement your cybersecurity framework? Here’s a checklist.
☐ Prioritize and scope: Identify your mission, priorities, and scope of systems
☐ Orient: Identify assets, requirements, and risk approach
☐ Create a current profile: Evaluate your status in its current state
☐ Conduct a risk assessment: Determine a target profile
☐ Create a target profile: Base your target profile on previously defined risks
☐ Determine, analyze, and prioritize gaps
☐ Communicate with stakeholders
4. Conduct a cybersecurity maturity assessment.
According to an article by Jason Christopher of the Forbes Technology Council, a model for cybersecurity maturity is “a valuable tool not only for improving your cybersecurity efforts but also for communicating with upper management and getting the support you need.”
What are the three best ways to assess your cybersecurity maturity, according to Lume CIO Peter Capelli?
- Review your Information Security Policies
- Conduct interviews with process owners
- Compare your maturity against the 98 NIST sub-categories
5. Let’s talk about it.
Are you a novice who needs hands-on assistance managing your cybersecurity framework? Or a seasoned professional who wants to work with Lume? We’d love to hear from you. Contact us today!