As part of their national cybersecurity awareness campaign, the Department of Homeland Security encourages the use of the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the focus of this second installment of the DHS Cybersecurity Series. This framework, a set of standards and best practice guidelines, was designed to help organizations manage and reduce their cybersecurity risks. Additionally, the framework is useful in fostering a common cyber risk management language that businesses can use to communicate with internal and external stakeholders before, during, and after an incident.
Although the primary audience are those organizations defined as critical to maintaining our national infrastructure—energy and water utilities, transportation, financial services, communications, healthcare and public health, food and agriculture, chemical and other facilities, key manufacturers, dams, emergency services—the Cybersecurity Framework Core (CSF Core) has five functional areas any business large or small can use to better assess their risks, plan for threats, and react to and recover from cyber-attacks.
Figure 1 represents a snapshot of one category, its subcategories, and their associated standards and other informative references for the Identify function, the first of the five functional areas within the CSF Core. All of the functions are summarized below; click here to download the complete CSF Core.
The identify section of the CSF Core encourages organizations to focus on their assets, business environment, governance, risk assessment, and risk management strategy to recognize how these areas are defined, cataloged, communicated, and mapped to various internal and external roles. Once these aspects are documented, you can upload them to the Manage Program section of your portal so that all necessary personnel has 24/7 access.
The protect section of the CSF Core suggests organizations implement practices that control who has access to critical information, strengthen data security, and ensure maintenance and repairs to the systems are performed on a regular basis. These practices can be administered through policies and training programs. Use the Information Security training course and the information in the Cyber Threats section of your portal to help you with your training efforts, and be sure to upload any security policies and plans.
The detect section of the CSF Core urges organizations to continuously monitor their systems so that anomalous activity is detected early. Additionally, organizations should test their detection practices regularly to ensure they comply with company standards. We offer additional services that can help you with your detection practices, such as penetration and vulnerability testing. Contact your Customer Success representative to learn more.
The respond section of the CSF Core advises organizations to have response measures in place that include knowing who is responsible for what, coordinating internal and external communications, taking measures to prevent the incident from expanding, and analyzing efforts for areas of improvement. For suggestions on how to respond to specific types of cyber-attacks, including malware, data breaches, and social media threats, visit Cyber Threats in the Knowledge Center of your portal.
The recover section of the CSF Core recommends that organizations have recovery processes in place to ensure the timely restoration of systems and assets affected by cybersecurity events. Organizations should also include communications plans in their recovery efforts, as well as analysis for improvement. If you need help with your communications plan, download the Crisis Communications Planning checklist in your portal.
Although these guidelines are in place to help you improve upon your current cybersecurity risk management practices, they should not be used as a one-size-fits-all approach. Each company has unique needs and should customize these guidelines accordingly. If you have questions on ways to tailor these and other cybersecurity recommendations to fit your business needs, contact your Customer Success representative.
Next week, be on the lookout for the final part of the DHS Cybersecurity Series, the Critical Infrastructure Cyber Community C3 (C-Cubed) Voluntary Program. This program provides detailed information on the CSF Core functional areas for easier adoption.
Marlia Fontaine-Weisse is the Content Manager for Preparis.