Companies recognize the need for a cohesive cybersecurity solution to address all threat vectors across their entire landscape. However, many lack the deep understanding needed to implement and sustain solutions.
Business leader responses to the new Digital Transformation Index Study highlight security concerns as the #1 barrier impeding their digital transformation, moving up from 5th place in the 2016 study. Not surprisingly, business leaders cited security as their top technology investment over the next 1-3 years. They also identified lack of in-house skills and expertise as the #3 barrier to digital transformation.
Data from another recent Global Data Protection Index survey corroborates these observations, especially around security. The survey shows that the number of businesses unable to recover data after an incident nearly doubled from 2016. Aside from infrastructure failure, the biggest threat identified in the survey is security breach.
As threats of information breach, hacking, data theft, and ransomware attacks increase, companies must equip their IT people with necessary skills, knowledge, and organized thinking. These abilities are essential to implementing effective cybersecurity solutions.
Guiding Implementation Using NIST Cybersecurity Framework
Whether planned or not, data centers undergo constant change. Planned hardware and software updates, governance rules, compliance regulations, security events and unplanned outages are just some of the challenges data center staff face.
The National Institute of Standards and Technology (NIST) Cybersecurity Framework has the broadest application and is the most recognized and widely used. NIST was tasked with development of a “Cybersecurity Framework“ to provide a high level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes.
The most common representation of the NIST Framework includes five functions – Identify, Protect, Detect, Respond, and Recover. Each should be evaluated by organizations in pursuit of ongoing cyber resiliency. NIST has segmented the five functions into specific topics: categories, subcategories and informative references.
Organizations can use these functions and categories as a topical list of actions to consider as part of their security strategy. While these topics should be considered for implementation, there are many factors that will determine how these actions are implemented. Whether employing some, many or all, there is no right or wrong way to implement this framework.
The five functions represent the primary pillars of a successful and holistic cybersecurity program.
Identify
- Helps organizations understand and manage cybersecurity risk to critical systems, people, assets, data, and capabilities.
- Based on the premise that you cannot effectively protect something if you are unaware of its existence.
Protect
- Helps organizations understand and apply appropriate safeguards to ensure delivery of critical infrastructure services.
- Supports the ability to limit or contain the impact of a potential cybersecurity event.
Detect
- Helps organizations define the appropriate activities to identify the occurrence of a cybersecurity event.
- Enables timely discovery of cybersecurity events.
Respond
- Describes process, procedure and other activities to take when a cybersecurity incident is detected.
- Supports the ability to contain and minimize the impact of a cybersecurity incident.
Recover
- Helps organizations determine appropriate activities to maintain plans for resilience and to restore capabilities or services impaired due to a cybersecurity incident.
- Supports timely recovery of normal operations to reduce the impact of a cybersecurity incident.
Comprehension of these terminologies, processes, frameworks and their components provide foundation of essential skills and knowledge. Adopting and implementing a framework ensures consistency for everything from language and terminology to process and procedure. When staff understand roles and responsibilities the result is increased preparedness and faster return to business as usual after an attack.
NIST Cybersecurity Courses and Certification
Dell Education Services offers courses and certification that complement this broad overview of cybersecurity and frameworks.
Introduction to IT Frameworks and NIST
Provides an overview of several different frameworks and their origins. This free online course also details the elements of the NIST Framework.
Implementing the NIST Cybersecurity Framework
Provides detailed coverage of the framework and uncovers the processes used to understand risk and prioritize and implement security goals in their environment.
Dell Proven Professional Specialist Certification
Validates skills to implement the NIST framework components to drive improved cybersecurity practices into the data center, evaluate risk, and prioritize changes based on business needs and changes in the security landscape.