Maintaining effective IT security is an increasingly daunting and complex task. CIOs and CISOs need to ensure core data and applications are secure 24/7, while maintaining a level of balance that upholds the productivity of the organisation.
Executives need to provide confidence to shareholders, partners and clients to sustain business operations, and a large part of this assurance relies on strong, undisrupted IT security functions.
Refamiliarising ourselves with the NIST Framework
With cybersecurity incidents only expected to rise in the foreseeable future, it is helpful to refamiliarise oneself with the fundamentals. In light of recent cybersecurity events, the National Institute of Standards and Technology (NIST) framework is worth revisiting.
When properly implemented, the framework provides guidance on the selection of appropriate controls, as well as on the operational actions required to ensure those controls minimise risk throughout the risk-management cycle. The NIST framework comprises five key functions that address that cycle, and these five functions are then divided into 23 categories covering a wide range of cybersecurity objectives.
5 key functions in the NIST framework
Identify
Gaining visibility over your environment will support your understanding of what is to be managed. It is crucial to have full visibility of digital and physical assets, their roles and responsibilities, and your existing security posture.
This part of the process reveals which assets are truly worth protecting, as not all assets are necessarily threatened. The identification stage provides a solid foundation for the following functions and ensures that each element is understood in a business context, so that any disruption can be quantified.
Protect
Implementing the proper safeguards for the assets identified in the previous step will ensure the delivery of critical services and limit the impact of a cybersecurity event. The protection function is a proactive process of controlling access to all assets, securing data and maintaining security awareness within the organisation.
This aspect of the framework helps limit potential disruption and allows normal business operations to continue.
Detect
An IT security team should deploy the appropriate tools and processes to allow rapid detection of a cybersecurity event. Continuous monitoring tools and threat hunting should be implemented to survey all networks and alert staff to anomalous or unusual network activity.
Respond
A thorough response plan should be drawn up to address the response process during a cybersecurity incident. It should be developed to minimise the impact on the business and the corresponding effects on other stakeholders.
It should cover what communications are required from particular areas of the organisation, such as human resources, public relations and legal affairs. It should also include an analysis of the event that can be consulted when the organisation’s response strategy is revised.
Recover
A swift return to normal business operations is ideal, and is made all the more attainable if the correct measures are put in place in advance. This ranges from internal work, such as the restoration of IT infrastructure and applications, to external remediation, such as the notification of valued customers and partners.
It is often difficult to know how to respond to media enquiries or calls from distressed customers in the aftermath of an incident. Miscommunication can be avoided if a framework is put in place beforehand.