When it comes to cybersecurity, the common question for all clients is: what level of risk are you willing to accept to protect your most valuable asset, information?
Cybersecurity is a broad and complex subject. To bridge the communication gap, improve understanding and reduce complexity, there must be a common language, and that language exists in the form of a security framework.
While many security frameworks are available and no single mitigation strategy is guaranteed, the cybersecurity framework (common language) that Integrated Solutions has chosen is based on the National Institute of Standards and Technology (NIST) framework and also incorporates the Australian Essential Eight mitigation strategies. NIST’s approach has been chosen for its comprehensiveness in covering a wide range of business governance.
The NIST Cybersecurity Framework includes 5 core functions: Identify, Protect, Detect, Respond and Recover. Each function is underpinned by a wide-ranging set of categories and controls, which are the safeguards or countermeasures used to avoid, detect, counteract and/or minimise risks.
As part of the initial discovery activity, Integrated Solutions will undertake a risk assessment exercise to review and map IT assets and policies, including systems, applications, processes and procedures. The outcome of this activity is to give decision-makers clear information about the business: its strengths and its areas for improvement.
Every organisation is unique in the way it leverages technology, so its definition of and approach to risk management is also unique. Using a standard framework as a guide is necessary because it is objective, measurable, comprehensive and consistent, and it scales across industries and organisation sizes.
The threat landscape is constantly changing and the level of sophistication is increasing; therefore, the risk assessment exercise must be an ongoing investment. As businesses begin to assess and implement the framework, their own level of sophistication may change. The frequency of the exercise and/or investment is unique to each business, subject to its risk profile and tolerances.
The engagement follows these steps:
1. Initial consultation to define and understand the risk profile unique to each business.
2. Undertake the risk assessment exercise, measure the area(s) of risk and evaluate potential remediation options; for each area of risk, either:
   a. Accept the solution: create an action plan for remediation, or
   b. Accept the risks: sign off.
3. Create a roadmap for continuous improvement.