With yet another IT security warning from the NSA, we’re being asked “so what is best practice?”

Aligning with NIST...?


Is your Cybersecurity protection matching best practice?

Clearly the cybersecurity stakes are higher.  The security precautions that used to be reasonable are no longer enough.  Stakeholders expect businesses to do more – whether it’s your insurer, your bank, your shareholders or your clients.

The best guidance on “reasonable” is the “NIST” Cybersecurity Framework.  This is also reflected in NZ in the government’s CERT NZ programme.

So what is NIST, and how does Kinetics help you match the standard?


The great news is that we’ve built our KARE for Security service following this guidance.

So, what do you need to do to match “reasonable”? Is KARE for Security enough?

In 2018 the US Department of Commerce, National Institute of Standards and Technology (NIST) released version 1.1 of its Cybersecurity Framework.  The Framework was mandated by the US government to improve cybersecurity risk management in critical infrastructure.  Because it references globally recognized standards for cybersecurity, the Framework is used internationally as a guide to strengthening cybersecurity in critical infrastructure as well as other sectors and communities.

The Framework consists of five Core Functions which organise the basic cybersecurity activities at their highest levels.

Kinetics KARE for Security practices and features align with the five Core Functions. The list of features implemented, and the degree of their implementation, can vary from client to client depending on the client’s commitment, technology and business needs.

Identify

NIST Description
Develop an organisational understanding to manage cybersecurity risk to systems; people; assets; data; and capabilities.

The activities in the ‘Identify’ function are foundational for effective use of the Framework.

Understanding the business context; the resources that support critical functions; and the related cybersecurity risks enables an organisation to focus and prioritise its efforts; consistent with its risk management strategy and business needs.

Examples of outcome categories within this function include: Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.

KARE for Security

  • A FlightPlan review covering your technology; governance; risk identification and options on how to reduce it.
  • Monthly reporting and quarterly review meeting including elevated rights and user account reporting
  • Managed IT assets reporting
  • Recommendation reporting; tracking and planning
  • Darkweb identity breach reporting

Protect

NIST Description
Develop and implement appropriate safeguards to ensure delivery of critical services.

The ‘Protect’ function supports the ability to limit or contain the impact of a potential cybersecurity event.

Examples of outcome categories within this function include:

  • Identity Management and Access Control;
  • Awareness and Training;
  • Data Security;
  • Information Protection Processes and Procedures;
  • Maintenance;
  • and Protective Technology.

KARE for Security

  • Multifactor Authentication for identity management and access control.
  • Conditional Access.
  • Awareness through recurring Phishing Testing; online Security training and Security Presentations.
  • Microsoft and third-party patching.
  • Email record identity management.
  • Office 365 ATP management.
  • DNS Scrubbing.
  • Endpoint Advanced Anti-Virus protection.
  • Backup monitoring/management.
  • Office 365 Backup.
  • KARE DR Backup.
  • Firewall Packet inspection; Gateway Anti-Virus protection; ATP; Intrusion Prevention Services.
  • Mail Scrubbing.
  • Mobile Device Management.
  • Kinetics Password monitoring and reporting.
  • KARE Password Vault.

Detect

NIST Description
Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.

The ‘Detect’ function enables timely discovery of cybersecurity events.

Examples of outcome categories within this function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes.

KARE for Security

  • Office 365 Forwarding alerts.
  • Office 365 Activity (download and deletion) alerts.
  • Elevated rights alerts.
  • Unusual Location alerts.
  • Virus activity alerts.
  • Firewall; Bot; port scan; intrusion alerts.
  • Darkweb identity breach alerting.
  • Backup encryption alerts.

Respond

NIST Description
Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.

The ‘Respond’ function supports the ability to contain the impact of a potential cybersecurity incident.

Examples of outcome categories within this function include: Response Planning; Communications; Analysis; Mitigation; and Improvements.

KARE for Security

  • Kinetics Security Response Team and process.
  • Yearly FlightPlan review.
  • Quarterly review.
  • Recommendations tracking; reporting and planning.

Recover

NIST Description
Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.

The ‘Recover’ function supports timely recovery to normal operations to reduce the impact from a cybersecurity incident.

Examples of outcome categories within this function include: Recovery Planning; Improvements; and Communications.

KARE for Security

  • Office 365 Backup.
  • Backup monitoring and management.
  • KARE DR Offsite Recovery.
  • KARE DR regular image boot test.
  • KARE DR Recovery test.