NIST’s Cybersecurity Framework has become the common language for international cybersecurity  


Today’s columnist Willem Hendrickx of Vectra AI says security professionals around the world can benefit from NIST’s cybersecurity framework. (Credit: NIST)

All organizations, whether public or private and regardless of where they operate, are facing one of the most chaotic threat scenarios ever seen. And now, in the midst of our first world cyber war, with tensions constantly rising due to the conflict between Russia and Ukraine, it is crucial that those in charge of securing their organization do not turn a blind eye to the likelihood of a breach. Organizations need to address the reality of non-compliance and be proactive in uncovering risks, while aligning the strategy and tools needed to mitigate them.

Regardless of how security teams apply due diligence to deal with current threats, all indications are that now is the time to step up strategies. In fact, the White House recently issued a statement warning of Russia’s potential to engage in malicious cyber activity against the United States in response to recently imposed economic sanctions. Therefore, whether you are concerned about the risks of the conflict in Ukraine affecting the organization or whether it is time to re-evaluate the security posture of the company, there are some highly credible resources available to help guide these efforts.

The NIST cybersecurity framework immediately comes to mind. It provides a clear set of guidelines for addressing and managing cybersecurity risks, based on existing standards, guidelines and good practices published by NIST. While this framework was originally developed to improve critical infrastructure risk management in the United States, security teams can use it in any sector of the economy or society. NIST makes it clear: “Organizations outside the United States can also use the framework to strengthen their own cybersecurity efforts, and the framework can help develop a common language for international cybersecurity cooperation on critical infrastructure.”

And why not? Our security goals are similar regardless of function or location: to protect organizations as effectively as possible. We may also share relevant tools and information to help us get there. As for the NIST framework, there are some basic uses that are worth noting. To start, security teams can leverage the framework as a guide to help determine which activities are most important to ensure critical operations and to help prioritize investments and maximize the impact of cybersecurity spending. But, as with any set of guidelines that a company considers using, getting the most out of it comes down to defining the goals of the organization.

For example, if the team aims to secure a company that has undergone extraordinary changes as a result of an increase in mobile and remote workers, a rapid adoption of the cloud, or both, the NIST framework can help prioritize projects, or even help guide purchasing decisions and ultimately reduce risk.

The cloud transformation scenario is not uncommon these days, but it does pose major challenges for security professionals. Traditional network security tools that have long been staples depend on visibility at endpoints on local networks, and security teams can no longer count on them to stop all threats. While it’s still important to make the environment as difficult as possible for attackers to get into, preventing them from entering shouldn’t come at the expense of detecting them when they do. And this is where NIST can lend a hand.

For professionals, it has become a very useful resource that the industry should share. Statements like the one from the White House and ransomware alerts like the one issued as a joint warning from the FBI, CISA, and the NSA must be taken seriously. We can also use them as resources to improve posture, as they offer mitigation guidance. Although government agencies must follow guidelines to protect critical infrastructure, most entities currently operate in the private sector. This is also the case internationally, where cybercriminals are no different and always try to find a way in regardless of how an organization deploys its business. Regardless of the techniques, tactics, or toolkits they use, it is not our government’s responsibility to stop them; it is up to us as defenders.

Willem Hendrickx, Revenue Director of Vectra AI


