When I hear concerns like this, I immediately look to the Cybersecurity Framework (CSF) developed by the National Institute of Standards and Technology (NIST). While there are many different cybersecurity standards out there, I prefer this one because it uses plain language to describe the five most important activities in cybersecurity.
I’d like to walk you through this framework using two different examples. First, we’ll imagine that we’re putting together a program to protect my property in the great state of Texas. Next, we’ll discuss how the lessons we draw from that example apply in the world of cybersecurity.
This is the first step of the NIST CSF. If we’re going to protect our assets, we first need an understanding of what assets we have and the roles they play (and the importance of each role). In the case of my property, the most critical asset I have is my home. I want to protect it at all costs.
In the world of cybersecurity, organizations need to identify the assets that are most critical to their business operations. This might be an electronic health records system for a hospital, a customer database for a sales team or a people information system for a human resources team.
After identifying critical assets, the next step is to protect them against reasonably foreseen threats. When I protect my home, I might build a fence, install a burglar alarm and set up cameras and motion detectors. In the world of cybersecurity, I need to build a layered defense of security controls that will keep intruders out and my information assets safe. These might include the use of encryption, firewalls, a data loss prevention system and other overlapping security controls.
No matter how strong my defenses, the reality is that intruders will eventually breach them, and I need to be ready to detect those breaches. There’s no point in installing surveillance cameras and burglar alarms in my home if nobody is monitoring those systems.
Similarly, cybersecurity programs need an operations function that includes team members with specific responsibility for monitoring security controls and detecting suspicious activity.
When an incident does occur, we must respond quickly to contain the damage. If an intruder breaks into my home, my first move might be to call the police. In the world of cybersecurity, I need an incident response plan that provides high-level guidance and specialized playbooks that guide the steps of my response to specific types of attack.
Finally, we’re not finished until we make a full recovery from a security incident. If an intruder breaks into my home through a door with a faulty lock, I need to repair that lock to avoid another intrusion. If a cyberattack takes place through an unpatched web server, I need to apply the necessary patch to prevent another attacker from walking through the same open door.
The NIST CSF offers organizations a very straightforward way to assess their own security posture. CDW is prepared to assist you in this journey. Our subject matter experts can help you conduct workshops to develop an incident response plan, create playbooks and test your incident response capabilities.