data security, regulatory and privacy management

Compliance, Security, Data Masking, New York, Connecticut, New Jersey, Massachusetts, Rhode Island

GRT provides expert IT Risk Management, Data Security, Data Privacy, Data Masking and Regulatory Compliance consulting services to companies in the United States and arround the world.

data security, regulatory and privacy management

business intelligence, operational, analytic and business reporting

Business Intelligence, New York, Connecticut, New Jersey, Massachusetts, Rhode Island

GRT assists you in development, design and implementation of a data warehouse and business intelligence strategy that ensures common framework across the enterprise.

business intelligence, operational, analytic and business reporting

Information strategy, gap analysis, tactics, design and implementation

Data Warehouse and Business Intelligence Staffing Solutions, New York, Connecticut, New Jersey,  Massachusetts, Rhode Island

GRT is a leader among expert staffing solutions in IT functions associated with Data Security, Business Intelligences and Data Warehouse. We help you meet your information management consulting and staffing needs.

Information strategy, gap analysis, tactics, design and implementation

Companies Should Adopt the NIST Cybersecurity Framework

Introduction

In the past, developing a cybersecurity policy and strategy for an organization involved digesting multiple standards, regulations and assessments. This usually meant deciding on competing priorities with the resulting strategy being compliance based. This was not only challenging but ultimately ineffective. The National Institute of Standards and Technology (NIST) Cybersecurity Framework has changed that, with a single reference point focused on proactive, risk based information security.

Since 2014, massive data breaches have become a common feature of the news. The huge amount of money at stake – Sony's was $100 million, Target's about $110 million – means that more and more companies are taking their information security seriously. This also signals a future of increasing regulation and compliance issues for the organizations involved.

Writing for Information Security Buzz, Dwight Koop discusses the National Institute of Standards and Technology (NIST) Cybersecurity Framework. The NIST Framework combines the best parts of existing assessments, regulations, and standards into one, actionable reference guide.

While technically this was created for critical infrastructure – banking, transportation, etc. - it is applicable to most organizations, and there aren’t many that won't find this useful. Compliance in the world of cybersecurity is an ever-shifting target, and it is easy to become lost in a sea of policies, audit checklists, and compliance standards.

The NIST Framework is useful precisely because it offers a single reference for organizations to build their own best practices from. Before this, standards originating from regulated industries offered competing priorities, opinions, and processes. This became needlessly confusing to all those involved. If the outcome is essentially the same—protect sensitive data and ensure organizations are not liable in the case of a data breach—then why aren't all the efforts combined and the scope broadened to include all organizations?

Why is another standard needed? The signed order EO 13636 kicked it all off. It specified that the “Department of Homeland Security (DHS) would consolidate its authority over security while actively involving private sector subject-matter experts and private companies to develop the framework.”

The major aspect of this is that it signifies an industry shift away from the traditional audit-focused policies towards a more risk-based approach. A risk-based approach to cybersecurity focuses on business and customer outcomes rather than audits, compliance objectives, policies, and transactions. The risk-based approach emphasizes much more proactive risk management over the purely reactive compliance tracking.

The NIST Framework is an important advancement in improving cybersecurity standards. It combines the knowledge and authority of literally hundreds of US governmental agencies and regulatory authorities, yet it is not a checklist. It is an in-depth process to allow organizations to update their risk-management approach to information security.

This is more important as companies increasingly move onto the cloud. IT teams will need a guide to help them improve their standards, secure critical systems, and pass industry standards. The NIST Framework is the perfect way to get IT teams started, because all organizations deserve clear guidelines to enable a practical and honest approach to security.

Summary

·         The NIST cybersecurity framework is designed to protect against small and large scale data breaches

·         It combines current but disparate assessments, regulations and standards

·         It is a risk based approach to data security

·         NIST was developed for critical infrastructure but can be used by any organization