CYBER SECURITY ASSESSMENT
WHAT HAPPENS DURING A CYBER SECURITY ASSESSMENT?
MS CyRIGo uses the NIST Cybersecurity Framework, which provides organizations with a risk-based compilation of guidelines that can help them identify, implement, and improve cybersecurity practices. Our goal is to identify security gaps and bridge the divide between the current security architecture and a more vigorous information security program. The Framework does not introduce new standards or concepts; rather, it leverages and integrates cybersecurity practices that have been developed by organizations like NIST and the International Organization for Standardization (ISO).
Developing and supporting an information security program is a continual process that is revised over time. Our approach begins with evaluating the current IS program, identifying gaps, determining mitigations, implementing improvements, and creating the ongoing continuous management process. "Core" Framework practices are composed of five concurrent and continuous functions—Identify, Protect, Detect, Respond, and Recover—that provide a strategic view of the lifecycle of an organization’s management of cybersecurity risk. Each function is further divided into categories tied to programmatic needs and particular activities. In addition, each category is broken down into subcategories that point to informative references.
The five functions signify the key elements of effective cybersecurity. Identify helps organizations gain an understanding of how to manage cybersecurity risks in systems, assets, data, and capabilities. Protect helps organizations develop the controls and safeguards necessary to protect against or deter cybersecurity threats. Detect comprises the steps organizations should consider taking to provide proactive and real-time alerts of cybersecurity-related events. Respond helps organizations develop effective incident response activities. And Recover is the development of continuity plans so organizations can maintain resilience—and get back to business—after a breach.
The Framework breaks down each of these functions into additional categories and then provides helpful guidance.
For example, as the chart above shows, the Identify function has five categories: Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy. Under Governance, one of the four subcategories is that an organization should establish an organizational security policy. The subcategory points organizations to standards such as COBIT, ISA, ISO/IEC, and NIST SP 800-53 Rev. 4 for information on how to implement a policy.
Examples of Identify Action Steps:
- Establish an organizational information security policy.
- Coordinate and align information security roles and responsibilities with internal and external partners.
- Identify and document asset vulnerabilities.
- Inventory physical devices and systems within the organization.
Examples of Detect Action Steps:
- Aggregate and correlate event data from multiple sources and sensors.
- Monitor the network to detect potential cybersecurity events.
- Monitor personnel activity to detect potential cybersecurity events.
- Monitor for unauthorized personnel, connections, devices, and software.
- Communicate event detection information to appropriate parties.
Examples of Protect Action Steps:
- Manage identities and credentials for authorized devices and users.
- Manage and protect physical access to assets.
- Manage remote access.
- Manage access permissions, incorporating the principles of least privilege and separation of duties.
- Protect network integrity, incorporating network segregation where appropriate.
Examples of Respond Action Steps:
- Execute response plans during or after an event.
- Share information consistent with response plans.
- Coordinate with stakeholders consistent with response plans.
- Contain incidents.
- Investigate notifications from detection systems.
Examples of Recover Action Steps:
- Develop, implement, and maintain plans for resilience.
- Restore capabilities or services that were impaired due to a cybersecurity event.
- Document lessons learned.
- Coordinate with internal and external parties.
- Communicate recovery activities with coordinating centers, ISPs, and victims.
As the Framework recognizes, there’s no one-size-fits-all approach to managing cybersecurity risk. Each organization has unique risks, different threats, different vulnerabilities, and different risk tolerances, so the approach to risk management will vary from one organization to the next. But that’s the benefit of the Framework: it’s not a checklist, but rather a compilation of industry-leading cybersecurity practices.
For most organizations, critical infrastructure or not, the Framework may be well worth using solely for its stated goal of improving risk-based security. But it also can deliver additional benefits—for example, encouraging effective collaboration and communication with company executives and industry organizations.
That’s because the Core provides a common language regarding cybersecurity issues that can help facilitate important discussions between an organization’s IT staff and its business people, some of whom may tune out when they hear technical terminology.