Measurement Guide on Information Security Management
Here is a helpful Measurement Guide for your organization’s Information Security Management - from NIST
We at SpaceBound Solutions have a mission to help companies manage their cyber security needs. If you are in charge of cybersecurity at your company or are a member of the cyber security team – you know that staying on top of all of the threats from hackers and various attacks is a daunting task.
So, if your organization is ever attacked, your CEO and your customers need to trust you did everything you could to manage any cybersecurity threats.
In addition to hiring a trusted company like SpaceBound Solutions to perform security assessments, do penetration testing and handle disaster recovery/backup and more - there is also NIST to lean on for guidance before your organization is hit with a cyber-attack.
NIST is the National Institute of Standards and Technology – part of the U.S. Department of Commerce. The NIST Cybersecurity Framework helps businesses learn more about, manage, and lessen cybersecurity risks in order to protect their networks and data. The guide provides organizations with an ‘outline of best practices to help you decide where to focus your time and money for cybersecurity protection.’
This two-part document, entitled: NIST Special Publication (SP) 800-55 Revision 2: Measurement Guide for Information Security, ‘offers guidance on developing an effective program, and a flexible approach for developing information security measures to meet your organization’s performance goals.’
The NIST Cybersecurity Framework helps organizations identify and focus on five key functions:
1. Identify
List all equipment, software, and data you use - including laptops, smartphones, tablets, and point-of-sale devices
2. Protect
Control who logs on to your network and uses your computers and other devices
Use security software to protect data or hire a solutions firm
Make sure sensitive data is encrypted
Conduct regular backups of data
Update security software regularly, automating those updates if possible or outsource it to a solutions firm
Have formal policies for safely disposing of electronic files and old devices.
Train everyone who uses your computers, devices, and network about cybersecurity
3. Detect
Monitor your computers for unauthorized personnel access, devices (e.g. USB drives), and software
4. Respond
Notify customers, employees, and others if any data may be at risk
Report any attack to law enforcement
Investigate and contain an attack
Update your cybersecurity policy
5. Recover
After an attack: repair and restore the equipment and parts of your network that were affected, and keep employees and customers informed of your response and recovery activities.