What is NIST?
Why implement NIST?
The NIST Cyber Security Framework (CSF) was created by cyber security professionals from government, academia and various industries. First published in 2014, it was designed to provide best-practice guidance for securing critical infrastructure, such as the systems operated by governments, healthcare companies and financial services firms.
It has been widely adopted by financial services organisations worldwide as a current, relevant and practical way to check that cyber defences are up to scratch. The framework is divided into three parts:
- The Framework Core: A set of cyber security activities and outcomes organised under five functions: Identify, Protect, Detect, Respond and Recover. Each function is broken down into categories and subcategories, with informative references to existing standards and guidelines;
- Framework Implementation Tiers: These describe how an organisation views cyber security risk and how mature its risk management processes are. The four tiers, from lowest to highest, are Partial, Risk Informed, Repeatable and Adaptive;
- A Framework Profile: This is the set of outcomes that an organisation has chosen from the categories and subcategories, based on its business needs and its own risk assessments. A Current Profile records the outcomes being achieved today and a Target Profile the outcomes the organisation is aiming for; the gap between the two drives the action plan.
It can be used alongside ISO 27001: the information security management system is established under ISO 27001, and the NIST framework is then used to structure cyber security risk management and to prioritise defences against cyber attacks. The framework's informative references map its subcategories to ISO/IEC 27001 controls, so the two can be cross-referenced rather than maintained as separate efforts.
Implementing this framework will help your business to:
- Demonstrate that an independent review of your systems and processes has been carried out by experts who will be thorough and honest and deliver professional advice;
- Focus on practical cyber defence outcomes rather than a control checklist, going further than other standards in this respect;
- Guide key decisions about risk management activities at every level of the organisation, from the board to operational teams;
- Identify areas where existing processes may be strengthened or new processes need to be implemented;
- Support regulatory compliance – whilst the framework is voluntary, financial services firms are under heavy pressure to adopt the NIST Cyber Security Framework as soon as possible.
Why 2|SEC Consulting?
- We have worked extensively with a wide range of cyber security standards since before the NIST framework was published;
- We deliver easy to understand reporting;
- We can assist with the full NIST CSF implementation process, from project scoping and risk assessment right through to advising on the necessary remediation measures to implement your action plan;
- We will develop a cyber security maturity programme that suits the business profile of your company;
- We communicate clearly – our mission is to ‘manage your cyber risks so that you don’t have to’ and we will communicate any issues or remediation recommendations in a clear and jargon-free way.
Are you in the Financial Services market and need to satisfy regulatory requirements?
Contact us to discuss how you can eclipse other standards in terms of practical cyber defence.
“With a growing development team coding in a fast-paced environment, it was important for us to get an expert third-party security firm in to carry out a review of our public-facing APIs and web applications. 2|SEC Consulting provided the independent review we needed.”
– Head of Infrastructure