In my work with CDW customers, I often come across technology leaders who want to improve their cybersecurity posture but aren’t really sure where to start. They might recognize that their organizations need to improve their cybersecurity controls but don’t know where their investments will pay off the most.

When I hear concerns like this, I immediately look to the Cybersecurity Framework (CSF) developed by the National Institute of Standards and Technology (NIST). While there are many different cybersecurity standards out there, I prefer this one because it uses plain language to describe the five most important activities in cybersecurity. I’d like to walk you through this framework using two different examples.

As the technical lead for the incident response (IR) team at CDW, I see quite a few attacks that occur against organizations, with the most prevalent including phishing (most often leading to credential theft), advanced malware and ransomware. Ransomware is typically the most destructive for organizations that have not prepared or planned for this type…