The coronavirus crisis has fundamentally changed the way many companies work. Shelter-in-place requirements across the nation have driven employees to working remotely, and consequently have forced companies into facing the reality of digital transformation, whether they had planned for it or not. This new reality, in turn, has also presented a huge opportunity for cybercrime. Hacking and phishing attacks on businesses have soared, as threat actors rush to take advantage.
While companies are rushing to implement new policies and controls to address their biggest concerns, many companies’ cybersecurity plans are designed for a vastly different risk environment. The best way for companies to improve their cybersecurity posture is not to react to the latest concern tactically, but rather to step back and think through their cybersecurity risk strategically.
That’s why cybersecurity frameworks can be so valuable. A cybersecurity framework is a structured plan for implementing and maintaining the tools and practices essential to protecting your organizations systems and data. Probably the best known and most widely adopted framework is the NIST Cybersecurity Framework.
NIST stands for the National Institute for Standards and Technology. It’s an agency of the U.S. Department of Commerce. In 2013, an Executive Order directed NIST to develop a uniform standard that government and businesses could adopt to guide their cybersecurity activities and risk management programs. Since that time, the framework has become a standard approach to cybersecurity, having become required for all non-Department of Defense U.S. government agencies, a growing number of critical infrastructures, as well as an extensive list of international governments.
The framework isn’t a checklist to follow in setting up a program, but rather an overall guide as to how an organization can manage and reduce their cybersecurity risk, and it’s designed to work within your existing processes to manage those risks. The framework has five core functions to cover cybersecurity risk management and focus on business outcomes: Identify, Protect, Detect, Respond, and Recover.1
Figure 1: The NIST Framework
Within these five functions, the framework consists of standards, guidelines, and best practices to manage cybersecurity risk.
Any organization can adopt and adapt the NIST framework in order to ensure they have an effective cybersecurity program, which is not only scoped and tailored to their particular risk profile, but can grow and evolve with the company as the risk environment changes. While a considered, intentional, and comprehensive approach to the NIST framework is required to be secure, having a high-level of understanding is an important first step in protecting your organization’s systems and data.
It Starts With the Right Training
Raytheon Professional Services offers the NIST Cybersecurity Professional (NCSP) training and certification programs. NCSP is the industry’s first accredited cybersecurity certification program based on the NIST Cybersecurity Framework. NCSP training programs teach organizations how to:
- Assess themselves in order to understand their current cybersecurity state
- Design a cybersecurity program using the NIST-CSF information reference controls in order to realize a future cybersecurity state
- Implement and operationalize a continual implementation and improvement management system to automate, sustain, and continually improve the future cybersecurity state.
In light of the pandemic and the increasing cybersecurity challenges – and some cases, crisis – that companies are facing, Raytheon Professional Services is offering a complementary NIST Cybersecurity Professional Awareness Training through our partner, ITSM Solutions. This is a two-hour video training course that introduces the fundamentals of the NIST Cybersecurity Framework and its association with digital transformation and cybersecurity risk management. The free course is designed for anyone who plays a role in the creation, deliver, management and consumption of digital services within an enterprise.
- Self-paced mentored video instructor training
- Module level testing
- Certificate of completion
Our FREE cyber awareness training is available now! Sign up Today! RPS has partnered with itSM Solutions to provide the NCSP Awareness Self-Paced Video Training. Include, “Free NIST Cybersecurity Awareness Training” in your request, and we’ll send you instructions on how to enroll.
Reach Out To RPS
Do you have lessons learned that you’d like to share? Start a conversation in the comments below or connect with us on LinkedIn, or at @RaytheonRPS using hashtags, #CyberSecurity, #CyberAttack, #CyberCrime, #learning, #training.
1 National Institute of Standards & Technology. (April 16, 2018) NIST Releases Version 1.1 of its Popular Cybersecurity Framework. Retrieved from https://www.nist.gov/news-events/news/2018/04/nist-releases-version-11-its-popular-cybersecurity-framework.