In 2013, Barack Obama mandated the establishment of the NIST Cybersecurity Framework via an Executive Order. By 2014, the US National Institute of Standards and Technology (NIST) brought it to life, crafting cybersecurity standards tailored to shield critical computing infrastructure
Commonly contracted to CSF (for Cyber-Security Framework), it is now the de facto standard. Its function is to create a five-step process to Identify, Protect, Detect, Respond, and Recover from data breaches and other cybersecurity risks.
Consequent to its success, the CSF has been adopted by many governments and federal agencies, not in a battle against each other, but in the ongoing fight against criminal elements who have no regard for a nation’s sovereignty, and seek to cause harm.
Its wide adoption has seen it translated into many languages including Russian, Spanish, Italian, French, and Japanese.
Companies recognize the immense value of the NIST Cybersecurity Framework, particularly if they are considered primary targets for hackers. Microsoft jumped on the bandwagon, right along with Intel; financial institutions like JP Morgan Chase and the Bank of England came on board; they were joined by infrastructure organizations such as the Ontario Energy Board and Nippon T&T Corporation.
You should be aware, however, that you cannot comply with a framework. The core of the NIST CSF is a massive spreadsheet composed of 20 pages. Its purpose is to help your company comply with your cybersecurity requirements. The CSF was created to help you help yourself.
The NIST framework provides an outline of five areas to build and improve on your information security program.
It’s essential to know what you have before you can start protecting it.
This function outlines safeguards you can use to protect your organization from cyberattacks.
Recovery can include numerous strategies such as a complete wipe of the system and restoring from the most recent backups.
The simple fact of the matter is that protection is not always successful. These criminal hackers have the time, resources, and the money to overcome your best-laid security plans. Keeping them out is truly impossible, but making that access as difficult as possible is essential.
Once they do manipulate their way in, detection and response are essential. Failure to do so brings on analogies involving bulls and china shops, not to mention litigation, lawsuits, and liability, on top of the loss of community respect. You cannot take this lightly.
Many companies — especially small to mid-sized businesses — don’t know how to proceed with implementing the recommendations of the CSF to keep themselves safe. Unfortunately, most IT departments lack the experience to interpret and set up the CSF effectively, as well as successfully get stakeholders on board. It is, admittedly, a very complex process with thousands of variables. In most cases, it would be unfair to expect your IT department to add all this additional labor onto their current workload and still be effective in all their other duties. You’re going to need some outside support.
This is why there are expert intermediaries like Blumira that understand all the subtleties, convolutions, back checks, interrelationships, and strategies that make it work.
Blumira can help you implement threat detection and response and to do it cost effectively. Blumira is a SIEM with threat detection and response that alerts your team about critical cyber threats in real-time and provides actionable response capabilities with automation that reduce the overhead associated with traditional SIEM products.
With Blumira’s free edition, secure your Microsoft 365 environment in seconds with coverage for unlimited data and users. With our free edition, you can:
For more coverage and support, you can easily upgrade to a paid version that fits your needs.