Building a Cyber Program

Building a Cyber Program

Technology enables all aspects of a business, so cyber risks can disrupt virtually any part of an organization’s operations. Protecting technology and information can be intimidating, but specialists can help.

In addition to general protections, most businesses must adhere to some regulatory guidance: PCI for retail operations taking credit cards, HIPAA for healthcare providers and insurers, and NIST/CMMC for defense contractors, for example. Each of these calls out a framework for protecting information. One of the most foundational is the National Institute of Standards and Technology (NIST) Cyber Security Framework. NIST created this as a baseline that is adaptable for any business. It lists controls for protecting data and systems, but leaves the choice of technologies and implementation to our discretion.

The NIST framework breaks the process of securing and monitoring into 5 functions within the framework’s core. These are Identify, Protect, Detect, Respond, and Recover.

5 function framework

Take the following steps to help your organization set up a NIST Cyber Security Framework:
  • Step 1: Prioritize and Scope
  • Step 2: Orient
  • Step 3: Create a Current Profile
  • Step 4: Conduct a Risk Assessment
  • Step 5: Create a Target Profile
  • Step 6: Determine, Analyze, and Prioritize Gaps
  • Step 7: Implement Action Plan
Your insurer will send an annual review form to attest that data protections remain in place. This is a great time to take credit for improvements.

We are available to help throughout the process, especially during the self-assessment and project cycle to ensure that company personnel can confidently assess the next steps in the program.


Richard Wolford
Software Engineer,


PA Cybersecurity Resource Center
The PA Cybersecurity Resource Center is financed by a grant from the Commonwealth of Pennsylvania, Department of Community and Economic Development.
Copyright © 2024 Concurrent Technologies Corporation. All rights reserved. Send comments & questions to the Webmaster.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability status, protected veteran status, or any other characteristic protected by law.
CTC on Facebook    CTC on LinkedIn    CTC on YouTube