Security

3 Tips for implementing the NIST Cybersecurity Framework (CSF)

Each day more organizations, regulators, and governments adopt the NIST Cyber Security Framework (CSF) to reduce cyber risks. The CSF is the fastest-adopted framework worldwide because of its simplicity, effectiveness, and flexibility. It was developed to let top management control cyber risks without having to understand complex security terms or skills.

Here are some tips to help you approach the implementation of the CSF in a simplified way.

The Approach:

The NIST CSF is not meant to be a compliance checklist. Many standards define the “how” and “how much” of cybersecurity, including ISO 27001, PCI-DSS, COBIT, ISA, and others; the CSF is meant to define the “what.” The main benefit of the CSF is to make sure that cybersecurity is aligned with organizational strategy and goals. In addition, the CSF enables executive management engagement and guides the implementation of security measures so that they are effective.

The CSF is Iterative

The CISO should implement the NIST Cyber Security Framework as a living program, not a one-off exercise. After the first round of implementation, it should keep evolving to take the organization through the required cybersecurity maturity levels and to support later growth and development plans.

Where to begin:

It is recommended to first define the organization’s different profiles. Organization profiles cover the client interface to the organization, its threats and vulnerabilities, and supplier management.

For each defined profile, the framework core is assessed to determine the tier for each category and subcategory under the CSF Core.

The informative references map each subcategory to the related standards. This makes the framework easier to manage for organizations that have already implemented ISO 27001 and PCI DSS.

The tiers for each subcategory and category then determine the organization’s tier. Tiers are not meant to be maturity levels, so if your organization is at tier 3 on one of the subcategories, it may be unnecessary to adopt tier 4. Some risks are not significant enough to justify the investment needed to reach tier 4.

Finally,

The CSF implementation is not a “one size fits all” approach. It is also critical not to try to solve everything at once. Instead, the CSF implementation should spotlight the organization’s risk tolerance and enhance C-suite managers’ involvement in cybersecurity decision-making. Properly implemented, the framework should also help the CISO build business cases for different initiatives and guide the roadmap to cyber resilience.


Application Security Webinar

Join Us!
“Extend Right: How to Overcome the Pitfalls in Your Application Security and Fasten SDLC” is almost here!
Register Now!

See you on May 25, 2021!


Cybersecurity Economics Webinar

What are the economic drivers that influence cybersecurity? …

How can threats be mitigated by addressing the real economic problem?…

While many information security experts think of cybersecurity as a technical problem, this webinar will show a different aspect of the security decision-making process. Security risk mitigation almost always comes down to a cost and investment decision.

Security failures are often caused by bad business decisions. This webinar provides an introduction to the field of the economics of cybersecurity. Without going deep into economic concepts, the webinar is designed to discuss measurement approaches and data analytics for making better security decisions, so that you can engage confidently with management on cybersecurity challenges.

Agenda
- Introduction to the field
  - Economics of information goods
- Measuring cybersecurity
  - What to measure?
  - Security metrics
  - Data collection and processing
- Market failures and policy
  - Policy interventions to correct market failures
- The human factor
- Conclusion
  - Security economics and policy


Do we even have a good CISO?

I have to admit this: I am a sucker for success, talent, and professionalism. Who wouldn’t be? Right?

I am always pleased to talk to a successful executive, or to hear from a talented person about his/her passion and profession. I am always amazed by a woman director or manager who is working against the odds of culture and achieving success on both the career and personal fronts. Maybe it is because I have a daughter who is just starting out as a college girl, and I can’t help but wish her all the best on all frontiers.

Security resources to share with your team during COVID-19

COVID-19 is already having a huge impact on people, with the number of infected people soaring and the number of fatalities rising. Beyond the health problem it causes, it is also having a huge impact on businesses and thereby on the economy.

Even before COVID-19, businesses were facing cyber threats that had a significant overall impact. Now attackers have started taking advantage of COVID-19 to be more successful at what they were already trying to do. There are multiple reports from reputable sources that have witnessed cybercriminals taking advantage of the current situation.


24/7 fully managed security service: our new service for a new era

As the world gets back on its feet after COVID-19 hit all aspects of life, we have a new vision for how information security services will be conducted in the new era.

All aspects of life and business were hit hard by the shutdown caused by COVID-19. Some of the changes that happened will stay with us for the next few years. One major impact is that everyone is now looking to run their business at a lower operating cost, without impacting quality of course. As a result, it is better to organize security as a bundled managed service rather than looking for individual products or services.


Audit and compliance from home: what to look for?

Whether it is PCI-DSS, ISO 27001, or any other compliance requirement, it is becoming clearer every day that transforming compliance functions to work remotely, smoothly, and securely is a necessity that will persist even after COVID-19. While this will be difficult for some business functions, others can overcome the challenges and even work better in remote mode.

While compliance and auditing have always needed physical presence of some sort, performing the main function itself does not. Consulting companies had been working in this direction even before the COVID-19 lockdown. While some had created good platforms for exchanging documents and following up on progress, it is very important to look at the process end-to-end to guarantee security, collaboration between stakeholders, follow-up on project tasks, and reporting at different levels.
