Technology enables all aspects of a business, so cyber risks can disrupt virtually
any part of an organization’s operations. Protecting technology and information
can be intimidating, but specialists can help.
In addition to general protections, most businesses must adhere to some regulatory
guidance: PCI DSS for any organization that stores, processes, or transmits payment card data,
HIPAA for healthcare providers, health insurers, and their business associates, and
NIST SP 800-171/CMMC for defense contractors, for example. Each of these defines or
references a framework for protecting information. One of the most foundational is the
National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).
NIST created it as a baseline that any organization can adapt. Rather than prescribing
specific controls, it describes the security outcomes an organization should achieve for its
data and systems and maps them to detailed control catalogs such as NIST SP 800-53, leaving
the choice of technologies and implementation to each organization's discretion.
The framework's core organizes the work of securing and monitoring an organization into
five functions: Identify, Protect, Detect, Respond, and Recover. (Version 2.0 of the CSF,
released in 2024, added a sixth function, Govern, covering risk management strategy, roles,
policy, and oversight.) To establish or improve a cybersecurity program using the NIST CSF,
take the following steps, which the framework itself lays out:
- Step 1: Prioritize and Scope: identify business objectives and priorities, and decide which systems, assets, and business units are in scope.
- Step 2: Orient: inventory the in-scope systems and assets, the regulatory requirements that apply to them, and the threats and vulnerabilities they face.
- Step 3: Create a Current Profile: record which of the framework's outcomes are already being achieved today.
- Step 4: Conduct a Risk Assessment: estimate the likelihood and business impact of security events against the in-scope systems.
- Step 5: Create a Target Profile: record the outcomes the organization needs to achieve, informed by the risk assessment and any regulatory obligations.
- Step 6: Determine, Analyze, and Prioritize Gaps: compare the Current and Target Profiles and rank the gaps by risk, cost, and benefit.
- Step 7: Implement Action Plan: close the prioritized gaps, then repeat the cycle as the business and the threat landscape change.
Cyber insurers typically send an annual application or attestation form asking whether the
data protections you reported remain in place. This is a good time to document the
improvements made during the year, since they can affect both coverage and premiums.
We are available to help throughout the process, especially during the self-assessment and
project cycle, so that company personnel can confidently assess the next steps in the program.