top of page

CYBER SECURITY ASSESSMENT

WHAT HAPPENS DURING A CYBER SECURITY ASSESSMENT?

MS CyRIGo uses the NIST Cybersecurity Framework which provides organizations with a risk-based compilation of guidelines that can help them identify, implement, and improve cybersecurity practices. Our goal is to identify security gaps that will link the divide between the current security architecture and a more vigorous information security program.  The Framework does not introduce new standards or concepts; rather, it leverages and integrates cybersecurity practices that have been developed by organizations like NIST and the International Standardization Organization (ISO).

Developing and supporting an information security program is a continual that is revised over time.  Our approach begins with evaluating the current IS program, identifying gaps, determining mitigations, implementing improvements, and creating the ongoing continuous management process.  "Core" Framework practices are composed of five concurrent and continuous functions—Identify, Protect, Detect, Respond, and Recover—that provide a strategic view of the lifecycle of an organization’s management of cybersecurity risk.  Each function is further divided into categories tied to programmatic needs and particular activities.  In addition, each category is broken down into subcategories that point to informative references.

The five functions signify the key elements of effective cybersecurity.  Identify helps organizations gain an understanding of how to manage cybersecurity risks in systems, assets, data, and capabilities.  Protect helps organizations develop the controls and safeguards necessary to protect against or deter cybersecurity threats.  Detect are the steps organizations should consider taking to provide proactive and real-time alerts of cybersecurity-related events.  Respond helps organizations develop effective incident response activities. And Recover is the development of continuity plans so organizations can maintain resilience—and get back to business—after a breach.  

NIST-Cyber-Framework.png