Request Demo

NIST Cybersecurity Framework

Consider This Cyber-Strategy for 2018: Adopt a Common Language for Cybersecurity


Security fragmentation is a recurring issue amongst many if not all industries. The growing threat of cyberattacks and data breaches is growing, yet the ability for industries to create standards is lacking. It's not that there hasn't been improvement - PCI DSS for cardholder data, HIPPA for healthcare, NIST SP 800-171 for department of defense and their supply chain, GDPR for-well-seemingly everyone!... However, the threat only continues to grow as technology improves. Enterprises have a habit of acting on fear alone, once they become victims or their peers become victims of a cyber threat. In order to overcome the issue of security fragmentation, there must be a single cohesive language for organizations to communicate, and they need to be educated about the importance and benefit of following a framework or standard.

The Need for a Common Language for Cybersecurity

We as businesses leaders need to decide how we are going to improve the strength of our organizations and industries. As it stands, most have their own security standards or no standards at all. It is very ineffective and hard for others to be on the same page across industries because there is no way for us to communicate with each other when one industry is speaking about cyber in a different languge than another. Even within an organization, employees can fail to share information with each other because explaining to various departments seems too complex. Cybercriminals will undoubtably find the vulnerabilities created by a lack of understanding and communication, and inability for security stakeholders to translate the importance of certain cyber standards to non-security stakeholers and departments.

Running Better Security Assessment Every Time is Critical to Proving Compliance Best-Practices. Learn How to Streamline Your Next Assessment with our Comprehensive Guide to Streamline Any Assessment.

Part of running a proactive cybersecurity program is realizing that cyber isn't just an Information Technology problem. The reality is that security efforts only exist to better support and protect all business functions. Without the effort and understanding of all business areas, a security team's efforts to standardize cybersecurity tends to also be less effective and efficient than it would be otherwise.

NIST CSF: The Gold-Standard for All Organizations

Former President Obama recognized this problem in 2013 and gave an executive order that attempted to standardize best cybersecurity practices. This led to the creation of the Cybersecurity Framework (CSF), the most thorough Framework created to date that provides a common language for cyber across industries. The National Institute of Standards and Technology (NIST) lead the creation of the Framework and involved over 3,000 industry professionals to make the Framework as applicable to real business sitations as possible. Subsequetly, President Trump took the initiative a step further and made the framework a required part of federal agency policy.

The Framework is not just for government use, and it can be adapted to businesses of any size.
The NIST CSF is designed to enhance the security and resilience of the nation’s critical infrastructure, and as best practice for all businesses. The voluntary risk-based framework
integrates a set of industry standards and best practices to help organizations manage
cybersecurity risks. As of 2015, 30% of U.S. organizations were using the NIST CSF, and use is predicted to rise to 50% or more by 2020. With more industries, organizations, departments and stakeholders speaking the same language around cybersecurity, we will have more opportunities to explore solutions to threats and improve upon the solutions that we have already discovered.

Adopt the Framework to Improve Your Cyber Strength

The Framework is designed to be effective and specific in its recommendations while retaining
flexibility. Companies can adjust the focus of the Framework to better serve their business needs. The NIST CSF empowers any organization to significantly reduce cybersecurity risks, better detect and respond to security breaches, and quickly recover from incidents. Businesses should begin to think about when and how to implement CSF into their business if they haven't already.

[Free Download: NIST Cybersecurity Framework Guide]

The Issue: Complexity and Time-To-Value

The NIST website has many resources that can help your cyber team begin the
implementation process. However, the Framework is over 900 controls long and can take months and even years in some cases to implement.

The Cyberstrong Platform cuts through the chaos of implementing cybersecurity best practices, because implementing and following these requirements should be an effort all businesses and organizations should take on. The CyberStrong PowerControls can give your team visbility into all five NIST CSF functions in hours, and can help create an automated roadmap to success for adoption with efficient workflow and operationalization. The CyberStrong PowerControls give a streamlined approach to adopting the framework regardless of company size, and include intelligent threat intel mapped against your current security standards in real-time. Risk assessments are coupled with each control for a visual, agile, and robust approach to assessing and adopting the most comprehensive Framework to-date. 

You may also like

Contextualize Quantified Cyber ...
on April 11, 2019

Now more than ever, CISO’s are being tasked with delivering hard metrics around an enterprise’s technology and digital risk. While this is nothing new for seasoned IT ...

NYDFS Implementation Grace Period ...
on April 9, 2019

Following the Equifax breach and growing concerns about the posture of the financial industry, New York State Department of Financial Services (NYDFS) released the initial ...

CEO's - Do You Know Where That ...
on April 5, 2019

It is no secret that cybersecurity has mystified many members of the C-suite since the function was introduced. With headlines dominated by breaches and hearings of information ...

Jerry Layden
Carbon Black Report Indicates ...
on April 2, 2019

In their third Global Incident Response Threat Report our Massachusetts neighbor, Carbon Black, illustrates not only the top industries for cyber attack but a deeply concerning ...

Legacy GRC And The Sunk Cost ...
on March 28, 2019

Last month, we covered how legacy GRC products and new integrated risk management (IRM) solutions can co-exist and in fact compliment each other. That said, in order for them to ...

Alison Furneaux
What To Expect From The Imminent ...
on April 6, 2019

While the NIST Privacy Framework may be the headliner for the most anticipated new publication from the National Institute of Standards and Technology, there are two imminent ...