Download presentation slides
Watch on-demand webinar
In Canada, several organizations have adapted or otherwise used this framework in developing their own cybersecurity recommendations. For example, nationally, the Canadian Center for Cybersecurity (CCCS) published “Baseline Cyber Security Controls for Small and Medium Organizations”, while provincially different governments are involved in helping businesses, government and non-profits (notably, the BC government publishes among the best set of resources ). And finally, if you do business internationally, then the use of ISO cybersecurity standards may better apply to your organization – if they are required by your customers and partners.
The key takeaway from this webinar is that some form of risk mitigation documentation can and should be done for all organizational types. For key business processes, this can be understood by understanding risk along a matrix of impact versus probability.
Within NIST, there are five functions of the framework:
- Identify – Determine what assets are at risk
- Protect – Take steps to safeguard your IT assets
- Detect – Routinely monitor to alert for problems
- Respond – Plan for the worst and be ready to act
- Recover – Get back to normal after a breach
Notice something in “recover”? It is assumed that you will need to get back to normal after a breach. In other words, it is assumed that at some point you will face a successful cyber-attack and part of being ready is having the right documentation, plans and controls. The webinar goes into more detail on where to get the specific documentation to help you create your plans.
While this type of framework can be implemented by many IT folks to a greater or lesser degree, it has emerged as a specialty within the cybersecurity world. What is certain is that if an organization is looking to implement a framework then they need an internal champion and/or an external consultant to drive the process – again to the level of sophistication based on the risk of your situation.