The Cybersecurity Framework can help an organization improve and ensure its digital health. It fosters communication among both internal and external stakeholders and helps to better integrate and align cybersecurity risk management with broader enterprise risk management processes. The Framework is organized by five key functions: Identify, Protect, Detect, Respond, and Recover. These five functions provide a comprehensive view of the lifecycle for managing cybersecurity risk over time.
IDENTIFY:
Develop an organizational understanding to manage cybersecurity risk to: systems, assets, data, and capabilities.
  • Identify critical enterprise processes and assets – What are your enterprise’s activities that absolutely must continue in order to be viable? For example, this could be maintaining a website to retrieve payments, or protecting customer/patient information securely.
  • Document information flows – It’s important to not only understand what type of information your enterprise collects and uses, but also to understand where the data is located and how it is used, especially where contracts and external partners are engaged.
  • Maintain hardware and software inventory – It’s important to have an understanding of the computers and software in your enterprise because these are frequently the entry points of malicious actors.
  • Establish policies for cybersecurity that include roles and responsibilities – These policies and procedures should clearly describe your expectations for how cybersecurity activities will protect your information and systems, and how they support critical enterprise processes.
  • Identify threats, vulnerabilities, and risk to assets – Ensure risk management processes are established and managed to ensure internal and external threats are identified, assessed, and documented in risk registers. Ensure risk responses are identified and prioritized, executed, and results monitored.
PROTECT:
Develop and implement the appropriate safeguards to ensure delivery of services.
  • Manage access to assets and information – Create unique accounts for each employee and ensure that users only have access to information, computers, and applications that are needed for their jobs.
  • Protect sensitive data – Make sure sensitive data is protected by encryption both while it’s stored on computers as well as when it’s transmitted to other parties. Consider utilizing integrity checking to ensure only approved changes to the data have been made. Securely delete and/or destroy data when it’s no longer needed or required for compliance purposes.
  • Conduct regular backups – Many operating systems have built-in backup capabilities; software and cloud solutions are also available that can automate the backup process. A good practice is to keep one frequently backed up set of data offline to protect it against ransomware.
  • Protect your devices – Consider installing host-based firewalls and endpoint security products. Apply uniform configurations to devices and control changes to device configurations. Disable device services or features that are not necessary to support mission functions.
  • Manage device vulnerabilities – Regularly update both the operating system and applications that are installed on your computers and devices. If possible, enable automatic updates. Consider using software tools to scan devices for additional vulnerabilities.
  • Train users – Regularly train and retrain all users to be sure that they are aware of enterprise cybersecurity policies and procedures and their specific roles and responsibilities as a condition of employment.
DETECT:
Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
  • Test and update detection processes – Develop and test processes and procedures for detecting unauthorized entities and actions on the networks and in the physical environment, including personnel activity.
  • Maintain and monitor logs – Logs are crucial in order to identify anomalies in your enterprise’s computers and applications. These logs record events such as changes to systems or accounts as well as the initiation of communication channels. Consider using software tools that can aggregate these logs.
  • Know the expected data flows for your enterprise – If you know what and how data is expected to be used for your enterprise, you are much more likely to notice when the unexpected happens – and unexpected is never a good thing when it comes to cybersecurity.
  • Understand the impact of cybersecurity events – If a cybersecurity event is detected, your enterprise should work quickly and thoroughly to understand the breadth and depth of the impact. Seek help.
RESPOND:
Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
  • Ensure response plans are tested – It’s even more important to test response plans to make sure each person knows their responsibilities in executing the plan.
  • Ensure response plans are updated – Testing the plan inevitably will reveal needed improvements. Be sure to update response plans.
  • Coordinate with internal and external stakeholders – It’s important to make sure that your enterprise’s response plans and updates include all key stakeholders and external service providers.
RECOVER:
Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.
  • Communicate with internal and external stakeholders – Your recovery plans need to carefully account for what, how, and when information will be shared with various stakeholders.
  • Ensure recovery plans are updated – As with response plans, testing execution will improve employee and partner awareness and highlight areas for improvement. Be sure to update recovery plans.
  • Manage public relations and company reputation – When developing a recovery plan, consider how you will manage public relations so that your information sharing is accurate, complete, and timely – and not reactionary.

 

As we enter this digital age, it is important not to leave your technology and team unprotected. Making strides forward in cybersecurity for your company, while tedious, can have drastic benefits and payoffs. Contact the ITAC team today to learn what steps you can take to ensure your company is protected.