The growing threat of cyber attacks across all sectors has resulted in an increase in IT security and compliance demands. Why are businesses and nonprofit organizations struggling to meet them? Even if you don’t fall under a specific regulatory compliance regime, you no doubt feel the burden of protecting yourself and your stakeholders from cyber threats. The National Institute of Standards and Technology (NIST) Cybersecurity Framework is commonly used as a benchmark by organizations that don’t fall under an industry-specific or state set of IT security mandates. The Framework Core consists of five continuous functions – Identify, Protect, Detect, Respond and Recover.
- Identify – Develop the organizational understanding to manage cyber security risk. Do you have the Asset Management, Governance, and Risk Management expertise to properly identify the areas where you are at greatest risk?
- Protect – Can you develop and implement appropriate safeguards once you have identified your risk areas?
- Detect – Do you have continuous monitoring and the right personnel in place to detect anomalies and events in real time?
- Respond – When issues are detected or suspected, do you know what to do?
- Recover – Do you have plans in place to restore any capabilities or services that are impacted due to a cyber security event?
If you are like most organizations, you have concerns about your ability to be effective in all five areas while still attending to your core business objectives. If you are worse off than you think, you are risking financial and reputational costs that can cripple or even destroy your business. If you are in better shape than you think, you could be worrying needlessly while still missing simple changes that would plug holes in your defense strategy.
Remember, the very first step is to identify. Knowing your current state, and where it diverges from best practices, is the starting point. A simple risk assessment can provide this critical information.