4 ways to get the most out of the NIST cybersecurity framework
March 16, 2020
The gold standard for assessing an organization’s security posture is the National Institute of Standards and Technology (NIST) cybersecurity framework (CSF). The CSF is especially valuable to IT service providers looking to move into managed security services. Why? Because it can gauge how effective new initiatives are, and it’s a great way to initiate dialogue with new clients. The NIST CSF is proven and trusted because it was built on rigorous standards, and that pedigree lends legitimacy to any service provider relying on it. With that in mind, here are some of the top ways managed service providers can take advantage of the NIST CSF:
1. Risk assessment
The top priority for any provider is to come to an understanding with customers about their organization’s current level of risk and then establish achievable goals for keeping their company safe. The NIST CSF has a built-in Identify function to help both provider and client see eye to eye on risk assessment and on the controls to be used against whatever cybersecurity threats are present.
2. Client profile
The cybersecurity framework developed by the National Institute of Standards and Technology has over one hundred subcategories, which is a lot. One of the most helpful parts is the Profile, which captures a snapshot of each client’s current security status. That current-state snapshot is then compared with the company’s cybersecurity assessment and specific goals to build an individual client profile, which in turn becomes the basis for an effective action plan.
3. Gap analysis
After successfully profiling a client and arriving at realistic goals, the next step is examining their security status and determining where it makes the most sense to get started. To do this, it’s important to identify any weak points that remain in a client’s current security setup and prioritize the next steps to remedy those vulnerabilities. Thankfully, the NIST CSF Protect function gives clear insight into a client’s infrastructure and the areas that require the most attention, while taking into account factors such as personnel, budget and other specific needs.
4. Execute the plan
Lastly, the NIST CSF can help put your plans into motion and begin moving each client toward the goals you have already established and prioritized. It all builds on the work done previously: a meticulously crafted profile, cybersecurity assessment and gap analysis. When finally rolling out the plan, don’t forget to document everything. This will help your future rollouts as you learn which areas to focus on; plus, it’s a great way to craft training materials that will be used for years to come.
There’s still more you can do after that, though. The data and the plan should be revisited every year, once enough time has passed to judge the effectiveness of the previous profile, plans and priorities. Additional subcategories can also be created, if necessary, to bolster what’s already there.
And don’t forget, you can also apply the National Institute of Standards and Technology’s cybersecurity framework to your own organization. Examining your security status can help you eliminate vulnerabilities and better understand the depth of the NIST CSF’s framework and how it can serve your clients. Any improvements made to your security posture because of the NIST CSF are great testimonials and could be effective conversation starters as you pursue new business.
For more information on the NIST CSF and how it can help you dramatically improve customer cybersecurity, contact the security experts at Ingram Micro.