In the week when the U.S. Secret Service appears to have concluded that the recent Presidential election was subverted by state-sponsored hackers, it is becoming clearer to the wider world that businesses need to have an incident response plan. Such a plan is very much in line with the NIST Cyber Framework under the category Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
As the National Institute of Standards and Technology outlines, to manage cyber-risk, organizations should understand the likelihood that an event will occur and the resulting impact. With this information, organizations can determine the acceptable level of risk for delivery of services and can express this as their risk tolerance.
In my last blog I examined the NIST Framework Protect function and what that means for organizations, their IT teams, Chief Risk Officers and the C-suite. In this week’s blog I examine how Awareness and Training form a major pillar of the Protect function.
Fifth Step has developed a Cybersecurity Resiliency Check to facilitate realistic and constructive debate about an organization's current cybersecurity risk profile within the context of the National Institute of Standards and Technology (NIST) Framework Core. Informed by the results of this survey, an organization can begin to chart a clear path toward continuous improvement of cybersecurity resiliency.