New Cybersecurity Guidelines Released by White House, Part 2

New Cybersecurity Guidelines Released by White House, Part 2

Framework Implementation Tier selection considers the following about your business:

  • Current risk management practices;
  • Threat environment;
  • Legal requirements;
  • Business objectives; and
  • Organizational constraints.

New Cybersecurity Guidelines Released by White House, Part 2I suggest the executive team of the company meeting with key employees and identifying the 5 characteristics above. The more your company identifies up front with accuracy, the easier it will be to identify the correct tier.

To choose the correct tier, be sure that the level you select meets your organization’s goals, that your organization can implement it and that it reduces risks to critical assets and resources. It is recommended to leverage guidance from governmental departments and agencies, Information Sharing and Analysis Centers (ISAC), existing models and other sources to help in determining the correct tier.

Progression to higher tiers is encouraged when it would be cost effective and reduce cybersecurity risk for your organization.

Tier 1: Partial

Your company belongs here if:

  • No cybersecurity risk management practices are identified;
  • Risk is managed reactively;
  • There is a limited awareness of cybersecurity risk;
  • Cybersecurity risk management is implemented on situation by situation basis;
  • Organization has no processes in place to collaborate with others.

Tier 2: Risk Informed

Your company belongs here if:

  • Risk management practices are approved by management but not established as a company policy;
  • Company-wide approach to managing cybersecurity risk is not established;
  • Process and procedures are defined;
  • Employees has resources to perform cybersecurity tasks;
  • Cybersecurity information is shared within organization informally; and
  • Knows organization knows its role but is not capable of sharing information externally.

Tier 3: Repeatable

Your company belongs here if:

  • Cybersecurity risk management practices are identified, expressed as policy and updated regularly;
  • Have a company-wide approach to managing cybersecurity risk;
  • Policies, processes and procedures are defined, implemented and reviewed;
  • Methods in place to respond effectively to risk changes;
  • Employees know how to performed roles; and
  • Organization collaborates with others in risk management decisions.

Tier 4: Adaptive

Your company belongs here if:

  • Adapts cybersecurity practices based on lessons learned and predictive analysis;
  • Actively adapts to changing cybersecurity risks;
  • Effectively responds to threats in a timely manner;
  • Uses company-wide risk-informed policies, processes and procedures to address potential cyber threats;
  • Cybersecurity risk management is part of company’s culture;
  • Cybersecurity risk management evolves from awareness of previous events, information shared by other sources and continuous awareness of own systems and networks; and
  • Actively shares risk management information with partners.

By no means is this meant as a complete “how-to” guide to the cybersecurity framework; however, I believe that it gives a brief overview and identifies how effective this framework can be if organizations will take the time to identify their characteristics and use those details to accurately determine the company’s sense of cybersecurity management.

About the Author

Ginger Hill is Group Social Media Manager.

Featured

  • Just as Expected

    GSX produced a wonderful tradeshow earlier this week. Monday was surprisingly strong in the morning, and the afternoon wasn’t bad at all. That’s Monday’s results and asking attendees to travel on Sunday. Just a quick hint, no one wants to give up their weekend to travel and set up an exhibit booth. I’m just saying. Read Now

    • Industry Events
    • GSX
  • Allied Universal Report Highlights Expected Security Hazards

    All is not well with the world. I know that is not breaking news. Read Now

    • Industry Events
    • GSX
  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX
  • Nothing Artificial About this Intelligence

    I have been looking forward to this year’s GSX show in New Orleans, the Cresent City, or if you prefer The Big Easy. It seems like quite a while since we’ve been here. Twenty years ago, ASIS, as it was known then was literally washed out of the city by someone known as Katrina. It is a good thing to come back to NOLA. Read Now

  • From Monitors to Mission Control

    Security Operations Centers (SOC) were once defined by rows of static monitors, each displaying a single feed with operators quietly watching for issues. That model has become obsolete. Incidents evolve too quickly, data comes from multiple locations, and decisions must be made in seconds—not minutes. Read Now

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.