Digital Transformation + Cyber Security = Success
Digital Transformation. What to focus on:
Customer Experience -> Operational Efficiencies -> New Revenue Streams -> Rapid Response to Change
What is NIST-CSF : National Institute of Standards & Technology – Cyber Security Framework
The framework is made up of PROFILE : CORE : IMPLENTATION TIERS
Overall, the framework is to improve cyber security against threats.
NIST 7-Step Approach : Scope/Prioritise -> Orient -> Profile -> Risk Assessment -> Target Profile -> Analyse/Prioritise Gaps -> Implement Action plan
Benefits of NIST-CSF : Common Language -> Collaboration -> Due Diligence -> Budget & resource -> Inclusive of Supply Chain -> Compliance
Identify -> Protect –> Detect -> Respond -> Recover
Identify -> Asset Management -> Business Environment -> Governance -> Risk Assessment -> Risk Mgt Strategy -> Supplu Chain
Protect -> Access Control -> Awareness & Training -> Data Security -> Information Protection -> Maintenance -> Protective Technology
Detect -> Detect anomalies & events -> continuous monitoring -> develop and deploy detection processes
Respond -> Response Processes and Procedures -> Coordinate response activities -> Mitigate effect -> Capture
Recover -> Recovery Planning -> Improvements -> Communications
NIST-CSF Tiers :
- Tier 1 – Partial – Limited cyber security risk awareness
- Tier 2 – Risk Informed – Some risk practices.
- Tier 3 – Repeatable – Formal risk management & receives external information.
- Tier 4 – Adaptive – Adaptive risk management and actively shares information.
Properties of Risk Management: Risk Management Process -> Integrated Risk Management Program -> External Participation
Cyber Risk Equation : Risk = Threats x Vunerabilities x Asset Value (Risk is NEVER ZERO)
NIST-CSF core: Function -> Categories -> Subcategories (Note: Subcategories -> Maps to : Informative references)
Risk Assessment Methodology (4 parts) : Assessment process -> Risk model, -> Assessment approach, -> Analysis approach.
Risk management Strategy
(input) Risk assumptions – > Risk constraints -> Priorities and trade-offs – > Risk tolerance -> Uncertainty.
(Outputs) Foundation for Risk Management -> Boundaries for risk based decisions ->
Risk Assessment : Frame the risk -> Assess the risk -> Respond to the risk -> Monitor the risk
CIIS – Continual Implementation & Improvement System
Set Vision-> Current Situation -> Goals -> Plans -> Progress -> Momentum