Request Demo

NIST Cybersecurity Framework

Building a Holistic Cybersecurity Program

down-arrow

Gartner analyst Earl Perkins, research vice president, presented five cybersecurity trends during the Gartner Security & Risk Management Summit in 2017. One of his key tawaways was that cyber programs need to try a more holistic approach to cyber program strategy.

Getting Hacked isnt an "If" Anymore but a "When". Stop Focusing on Protection and Prevention Alone.

“Take the money you’re spending on prevention and begin to drive it more equitably to detection and response,” said Mr. Perkins. “The truth is that you won’t be able to stop every threat and you need to get over it.” 

In the past year it's become clear that even the largest enterprises can be subject to breach. Therefore, this year if you're wondering where to focus your attention, spending time on making and testing your response plans, plans for remediation and methods of detection is key. Still focus on the latest methods of protection and prevention, but realize that you have to have all of your best practices in place for a holistic program.

A Holistic Approach: The NIST Cybersecurity Framework

The NIST Framework is the most thorough and holistic approach to cybersecurity program best practices. However, it's the most complex framework to implement covering over 900 controls over 5 major functions. The functions are important becaues they allow security teams to prioritize all areas of a holistic program equitably. Identify, Protect, Detect, Respond, and Recover are the five functions, and they cover all areas that you would want to address.

Gartner reports that the framework is used by 30? of U.S. organizations, with projected use of 50% by 2020. [Download the Free NIST Cybersecurity Framework Guide]

Use of the framework is usually attributed to three key motivations: aligning with cybersecurity best practices (70%); business partner requirements (29%); and federal contract requirements (28%) - according to Gartner.

It's clear that more and more organizations are aligning with the NIST Framework and are requiring their partners, vendors and suppliers to do so as well. If you're interested about learning more on the Framework and building a holistic approach, let us know and we can give you advice to get your started. The CyberStrong Platform can baseline you against the Framework in HOURS.

 

You may also like

Reading Between the Lines of NIST ...
on July 9, 2019

On June 19th, the National Institute of Standards and Technology (NIST) released the much anticipated Rev 2 of SP 800-171 and the working draft of supplement SP 800-171B. As the ...

How We're Making DFARS Compliance ...
on July 2, 2019

With the Department of Defense (DoD) making DFARS compliance a requirement for all contractors doing business with the DoD, a great amount of stress has been put on DoD ...

What to Expect from the Security ...
on June 26, 2019

Digital Society is Real, and Security and Risk Management Solutions Must Embrace Digital to be Successful Digital Society: “The collection of people and things that are engaged in ...

Alison Furneaux
Integrating GRC: Compliance, ...
on June 25, 2019

In our Integrating Governance Risk and Compliance series, CyberSaint leadership explores the process through which cybersecurity leaders can reconfigure their organizations to ...

George Wrenn
Integrating GRC: Risk, ...
on June 19, 2019

In our Integrating Governance Risk and Compliance series, CyberSaint leadership explores the process through which cybersecurity leaders can reconfigure their organizations to ...

Padraic O'Reilly
CyberSaint at Gartner Security and ...
on June 13, 2019

Next week, forward-thinking security and risk leaders will congregate in National Harbor for Gartner’s annual Security and Risk Management Summit. As the preeminent voice in the ...