The Strategy
Aligned with NIST CSF v2.0 and ISO/IEC 27001
In response to the evolving challenges in our digital landscape, our organization recognizes the need for a robust, flexible, and comprehensive approach to cybersecurity. This program strategy combines the strengths of the NIST Cybersecurity Framework (CSF) 2.0 and ISO/IEC 27001, creating a security program that is not only resilient but also adaptable to our organizational needs.
The framework is organized around the six functions of NIST CSF 2.0, with the relevant ISO/IEC 27001 clauses and controls mapped beneath each function. These functions are:
GOVERN (GV)
IDENTIFY (ID)
PROTECT (PR)
DETECT (DE)
RESPOND (RS)
RECOVER (RC)
The Breakdown
Govern (GV): the foundational governance structure and strategy for cybersecurity.
Purpose: The GOVERN function centers on establishing, communicating and monitoring the organization's cybersecurity risk management strategy, expectations and policy. Key to this function is its role in ensuring that cybersecurity is integrated into the broader enterprise risk management strategy, encompassing organizational context, supply chain risk, roles and responsibilities, policies, and oversight mechanisms.
Organizational Context (GV.OC): Understanding the organization's mission, stakeholders, legal and contractual requirements, and the environment it operates in (leverages ISO/IEC 27001 Clause 4, Context of the organization).
Risk Management Strategy (GV.RM): Establishing risk appetite, priorities and assumptions, and the strategy used to handle and treat risk (leverages ISO/IEC 27001 Clause 6.1 and the information security risk management guidance in ISO/IEC 27005).
Cybersecurity Supply Chain Risk Management (GV.SC): Identifying, assessing and managing the cybersecurity risk introduced by suppliers, products and services across the supply chain.
Roles, Responsibilities, and Authorities (GV.RR): Defining who is accountable for what, and the authority each role holds.
Policies, Processes, and Procedures (GV.PO): Establishing, communicating and enforcing the policies and procedures that govern cybersecurity.
Oversight (GV.OV): Reviewing the results of the risk management strategy and adjusting it so that it continues to meet organizational requirements.
Identify (ID): Recognizing assets and risks within the organization.
Purpose: IDENTIFY is about understanding the organization's current cybersecurity risk. This requires an accurate inventory of all assets, from data, hardware and software to personnel, facilities and services, together with the risks associated with each. With assets and risks identified, security effort can be prioritized in line with the risk management strategy set under GOVERN.
Asset Management (ID.AM): Inventorying and managing digital and physical assets in proportion to their importance to the organization.
Risk Assessment (ID.RA): Identifying vulnerabilities and threats to assets, evaluating likelihood and impact, and recording the resulting risks.
Improvement (ID.IM): Identifying improvements to cybersecurity risk management processes, procedures and activities across all functions, including lessons learned from assessments, tests and incidents.
Protect (PR): Safeguarding assets and data.
Purpose: The PROTECT function reduces cybersecurity risk by implementing safeguards that lower both the likelihood and the impact of adverse cybersecurity events. It spans identity and access management, awareness and training, data security, platform security, and the resilience of the technology infrastructure.
Identity Management, Authentication, and Access Control (PR.AA): Managing identities and credentials, authenticating users, services and hardware, and limiting access to authorized subjects only.
Awareness and Training (PR.AT): Educating personnel so that they can perform their cybersecurity-related duties and recognize common threats.
Data Security (PR.DS): Protecting the confidentiality, integrity and availability of data at rest, in transit and in use.
Platform Security (PR.PS): Managing the hardware, software (firmware, operating systems, applications) and services of physical and virtual platforms consistent with the risk strategy.
Technology Infrastructure Resilience (PR.IR): Ensuring the technology infrastructure can withstand disruptions and continue to operate through them.
Detect (DE): Finding and analyzing possible cybersecurity attacks and compromises.
Purpose: DETECT focuses on finding and analyzing possible attacks and compromises in a timely manner. Its aim is to enable the organization to spot anomalies and indicators of compromise quickly, so that response can begin before an event escalates into a serious incident.
Continuous Monitoring (DE.CM): Ongoing observation of networks, systems, personnel activity and external service providers to detect anomalies and indicators of compromise.
Adverse Event Analysis (DE.AE): Analyzing anomalies and other potentially adverse events to characterize them and determine whether an incident has occurred.
Respond (RS): Acting on detected cybersecurity incidents.
Purpose: Once an incident is detected, the RESPOND function provides the blueprint for containing and managing it. This covers incident management and analysis, communication and reporting to stakeholders, and mitigation of the incident's effects.
Incident Management (RS.MA): Executing the incident response plan, triaging and categorizing incidents, and escalating them as required.
Incident Analysis (RS.AN): Investigating the nature, scope and root cause of the incident, and preserving the integrity of collected evidence.
Incident Response Reporting and Communication (RS.CO): Notifying internal and external stakeholders, including regulators where required, and keeping them informed during the response.
Incident Mitigation (RS.MI): Containing and eradicating the incident to limit its impact.
Recover (RC): Restoring systems and operations post-incident.
Purpose: The RECOVER function covers the aftermath of an incident. Its focus is on restoring assets and operations that were affected, reducing the impact of the incident, and communicating clearly with stakeholders throughout the recovery.
Incident Recovery Plan Execution (RC.RP): Executing the recovery plan, verifying the integrity of backups and restored assets, and confirming that normal operations have resumed.
Incident Recovery Communication (RC.CO): Communicating recovery progress and updates to internal and external stakeholders.
Conclusion
This program strategy establishes a cohesive and robust approach to cybersecurity, integrating the best practices of two prominent frameworks. It aims to protect the confidentiality, integrity and availability of our information assets. By adhering to this strategy, we strengthen our defenses, respond to incidents promptly, and recover with resilience, building a culture of cybersecurity that safeguards our organization and its stakeholders.