The National Institute of Technology and Standards, or NIST was tasked with developing a framework that could be used to understand and manage cybersecurity defenses. So, in good government fashion they came up with a 56 page document full of dense text and tables and so on. But – and this is the important part – they summarized it into 5 functions, each a different high level action step. And that provides a good jumping off place to start thinking about a cybersecurity program for your business.
We’ve come up with 20 questions, none of them really technical, that can help you start or accelerate the development of your cybersecurity defenses. As you think through these questions, a framework that fits your business should start to emerge.
Identify cybersecurity threats
Protect the system
Detect threats in a timely manner
Respond to detected threats
Recover from an incident
If you address these broad questions in terms of; People, Process, and Technology you will get a pretty clear picture of your situation. Some answers may be more people or technology focused but keep all three facets in mind for each answer.
This is a great way to build a basic cybersecurity program. Start by answering the questions for the way things are now. Some gaps will show up - they always do – and use those gaps to determine the most important things to work on and how to improve.
And if you want to skip right to the sleep aid section of the NIST Cybersecurity Framework, here’s a link to the full document: Nist. There is a lot more to the whole framework and I hope to be able to post some more about how to make it effective in the real world of never enough time resources, but that means I will need time and resources.