Aligning with NIST.....?
Is your Cybersecurity protection matching best practice?
Clearly the cybersecurity stakes are higher. The security precautions that used to be reasonable are no longer enough. Stakeholders expect businesses to do more – whether it’s your insurer, your bank, your shareholders or your clients.
The best guidance on “reasonable” is the “NIST” Cybersecurity Framework. This is also reflected in NZ in the government’s CERTNZ programme.
So what is NIST, and how does Kinetics help you match the standard?
The great news is that we’ve built our KARE for Security service following this guidance.
So, what do you need to do to match “reasonable”? Is KARE for Security enough?
In 2018 the US Department of Commerce, National Institute of Standards and Technology (NIST) released version 1.1 of its Cybersecurity Framework. The Framework was mandated by the US government to improve cybersecurity risk management in critical infrastructure. Because it references globally recognized standards for cybersecurity, the Framework is used internationally as a guide to strengthening cybersecurity in critical infrastructure as well as other sectors and communities.
The Framework consists of five Core Functions which organise the basic cybersecurity activities at their highest levels.
Kinetics KARE For Security practices and features align with the five Core Functions. The list of features implemented, and the degree of their implementation, can vary from client to client depending on the client’s commitment, technology and business needs.
Identify

| NIST Description | KARE for Security |
|---|---|
| Develop an organisational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. The activities in the ‘Identify’ function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organisation to focus and prioritise its efforts, consistent with its risk management strategy and business needs. Examples of outcome categories within this function include: Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy. | A FlightPlan review covering your technology, governance, risk identification and options on how to reduce it. |
Protect

| NIST Description | KARE for Security |
|---|---|
| Develop and implement appropriate safeguards to ensure delivery of critical services. The ‘Protect’ function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome categories within this function include: | Multifactor Authentication for identity management and access control. |
Detect

| NIST Description | KARE for Security |
|---|---|
| Develop and implement appropriate activities to identify the occurrence of a cybersecurity event. The ‘Detect’ function enables timely discovery of cybersecurity events. Examples of outcome categories within this function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes. | |
Respond

| NIST Description | KARE for Security |
|---|---|
| Develop and implement appropriate activities to take action regarding a detected cybersecurity incident. The ‘Respond’ function supports the ability to contain the impact of a potential cybersecurity incident. Examples of outcome categories within this function include: Response Planning; Communications; Analysis; Mitigation; and Improvements. | |
Recovery

| NIST Description | KARE for Security |
|---|---|
| Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. The ‘Recover’ function supports timely recovery to normal operations to reduce the impact from a cybersecurity incident. Examples of outcome categories within this function include: Recovery Planning; Improvements; and Communications. | |