NIST Cybersecurity Framework 2.0 – Considerations for Small to Medium Sized Businesses

The NIST Cybersecurity Framework is a methodology designed to simplify the process of planning, implementing, managing and responding to threats from a holistic point of view in the Information Technology Delivery and Security space. It is specifically designed for organizations that either have no or very little cybersecurity planning, processes or responses to emerging threats.

Every day, thousands of individuals and corporations are targeted for attack. It’s a matter of when, not if, your systems and people will be tested for compromise. The NIST Cybersecurity Framework consists of 5 key parameters that help an organization better understand, assess, prioritize and communicate its cybersecurity efforts.

TorchLight recommends taking a few minutes at the start of the new year to review any major component changes, ensure the proper controls are in place (for example, two-factor authentication on cloud-based admin accounts), and then build a response plan for any detected breaches. By planning ahead for worst-case scenarios, you inoculate your business against the ever-growing threat of hackers. NIST has simplified this process immensely with the NIST Cybersecurity Framework Small Business Quick Start Guide, which can be downloaded here.

The Govern Function helps you establish and monitor your business’s cybersecurity risk management strategy, expectations, and policy. By taking a moment each year to review and confirm organizational goals, such as your business’s mission statement and its legal, regulatory and contractual cybersecurity requirements, and to consider how cybersecurity risks could prevent you from executing your mission, you define the critical components of your business risk.

The Identify Function helps you determine the current cybersecurity risk to the business. This step involves identifying the major systems, hardware, software and services in production that fulfill the mission of the business. This includes identifying all servers, databases, web applications, mobile applications, platforms that use your business’s data, and even shadow IT systems. Once you’ve identified your major systems, assign a sensitivity and criticality level to each one. Then ask questions such as: what are the cybersecurity and privacy risks associated with each system? What technologies or services are personnel using to accomplish their work? Are these services or technologies secure and approved for use?

The Protect Function supports your ability to use safeguards to prevent or reduce cybersecurity risks. Understand what information employees should have access to, and what they actually have access to. Assess the timeliness, quality, and frequency of your company’s cybersecurity training for employees. Make sure that employees, vendors and potentially customers know how to recognize common attacks and suspicious activity, and how to report them.

Ask critical questions about data access. Are we restricting access and privileges to only those who need them? Are we reviewing access periodically and removing it when it is no longer needed? Are we securely destroying data and data storage systems when they reach the end of their production use? And do employees possess the knowledge and skills to perform their jobs with security in mind?

The Detect Function provides outcomes that help you find and analyze possible cybersecurity attacks and compromises. Assess your computing technologies and external services for deviations from expected or typical behavior, ensure the physical environment is secure, and be on the lookout for signs of tampering or suspicious activity. Ensure that antivirus and antimalware agents are installed on all business devices, and consider engaging a service provider to monitor computers and networks for suspicious activity if you don’t have the resources to do it internally. Finally, ensure that an operating system and application patching mechanism exists so that vulnerabilities are patched on a consistent basis.

The Respond Function supports your ability to take action regarding a detected cybersecurity incident. It is critical to understand in advance what your incident response plan is and who has the authority and responsibility for implementing the various aspects of the plan. Assess your ability to respond to a cybersecurity incident, and assess each incident to determine its severity, what happened, and its root cause. Do we have a cybersecurity incident response plan? Has it been practiced to ensure it’s feasible? Do we know who the key internal and external stakeholders and decision-makers are who will assist if we have a confirmed cybersecurity incident?

The Recover Function involves activities to restore assets and operations that were impacted by a cybersecurity incident. It is critical to understand who within and outside your business has recovery responsibilities. You will want to assess the integrity of your backed-up data and assets before using them for restoration. The questions to ask at this stage include: what are our lessons learned? How can we minimize the chances of a cybersecurity incident happening in the future? How do we ensure that the recovery steps we are taking are not introducing new vulnerabilities to our business? What are our legal, regulatory, and contractual obligations for communicating to internal and external stakeholders about a cybersecurity incident?

The NIST Cybersecurity Framework Small Business Quick Start Guide is a convenient, simple-to-use format that lets you go as deep or as wide as you’d like. We highly recommend that you spend a few minutes with this tool and your leadership team to review your systems and ensure you’ve captured all of them; to have the table stakes for basic IT success (antivirus, patching and backups) in place; to grant appropriate privileges to data and review them periodically; to have systems and processes in place to detect intrusion; to have a robust plan to stop and mitigate the hackers; and to have recovery steps to get back to normal business operations. Download the Quick Start Guide here.