By Jaron Cayton
You may be familiar with some of the new policies and compliance standards that are now in place for businesses.
Recently, GDPR compliance has been a popular topic, but other regulatory measures like HIPAA and PCI continue to be important subjects for businesses to consider.
Compliance is just one of the many areas that cybersecurity touches in your operation. From asset control to data security to recovery planning, no single product covers all areas of cybersecurity.
However, the National Institute of Standards and Technology (NIST) released a Cybersecurity Framework for businesses and providers to adopt in order to better manage cybersecurity threats.
There is no pill to take, but there is a plan to follow.
As described by NIST:
“This voluntary Framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk. The Cybersecurity Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.”
The framework consists of 5 tenets, listed below.
● Identify — Risks within your network/business
● Protect — Your assets and establish policies for future assets
● Detect — Incidents and threats
● Respond — With a plan of action based on your policy
● Recover — Normal operations
These items work best when practiced as a process: a team identifies risks and deploys protection, then detects new or potential threats, responds with a plan, and recovers to normal business operation.
While this example is general, it can be applied to nearly every cybersecurity threat. The shift here and across the industry is toward a proactive approach to cybersecurity. A reactive approach will no longer get the job done.
While implementing the NIST framework in isolation does not guarantee cybersecurity, implementing specific services, user education and best practices around cybersecurity will make a significant difference.
As the local member of a national network of MSPs (Managed Service Providers), TeamLogic IT has adopted this framework as our approach to cybersecurity and risk management. We provide comprehensive computer-based services for managing information technology and are here to help!