New Cybersecurity Guidelines Released by White House, Part 2

New Cybersecurity Guidelines Released by White House, Part 2

Framework Implementation Tier selection considers the following about your business:

  • Current risk management practices;
  • Threat environment;
  • Legal requirements;
  • Business objectives; and
  • Organizational constraints.

New Cybersecurity Guidelines Released by White House, Part 2I suggest the executive team of the company meeting with key employees and identifying the 5 characteristics above. The more your company identifies up front with accuracy, the easier it will be to identify the correct tier.

To choose the correct tier, be sure that the level you select meets your organization’s goals, that your organization can implement it and that it reduces risks to critical assets and resources. It is recommended to leverage guidance from governmental departments and agencies, Information Sharing and Analysis Centers (ISAC), existing models and other sources to help in determining the correct tier.

Progression to higher tiers is encouraged when it would be cost effective and reduce cybersecurity risk for your organization.

Tier 1: Partial

Your company belongs here if:

  • No cybersecurity risk management practices are identified;
  • Risk is managed reactively;
  • There is a limited awareness of cybersecurity risk;
  • Cybersecurity risk management is implemented on situation by situation basis;
  • Organization has no processes in place to collaborate with others.

Tier 2: Risk Informed

Your company belongs here if:

  • Risk management practices are approved by management but not established as a company policy;
  • Company-wide approach to managing cybersecurity risk is not established;
  • Process and procedures are defined;
  • Employees has resources to perform cybersecurity tasks;
  • Cybersecurity information is shared within organization informally; and
  • Knows organization knows its role but is not capable of sharing information externally.

Tier 3: Repeatable

Your company belongs here if:

  • Cybersecurity risk management practices are identified, expressed as policy and updated regularly;
  • Have a company-wide approach to managing cybersecurity risk;
  • Policies, processes and procedures are defined, implemented and reviewed;
  • Methods in place to respond effectively to risk changes;
  • Employees know how to performed roles; and
  • Organization collaborates with others in risk management decisions.

Tier 4: Adaptive

Your company belongs here if:

  • Adapts cybersecurity practices based on lessons learned and predictive analysis;
  • Actively adapts to changing cybersecurity risks;
  • Effectively responds to threats in a timely manner;
  • Uses company-wide risk-informed policies, processes and procedures to address potential cyber threats;
  • Cybersecurity risk management is part of company’s culture;
  • Cybersecurity risk management evolves from awareness of previous events, information shared by other sources and continuous awareness of own systems and networks; and
  • Actively shares risk management information with partners.

By no means is this meant as a complete “how-to” guide to the cybersecurity framework; however, I believe that it gives a brief overview and identifies how effective this framework can be if organizations will take the time to identify their characteristics and use those details to accurately determine the company’s sense of cybersecurity management.

About the Author

Ginger Hill is Group Social Media Manager.

Featured

  • Choosing the Right Solution

    Today, there is a strong shift from on-prem installations to cloud or hybrid-cloud deployments. As reported in the 2024 Genetec State of Physical Security report, 66% of end users said they will move to managing or storing more physical security in the cloud over the next two years. Read Now

  • New Report Reveals Top Security Risks for U.S. Retail Chains

    Interface Systems, a provider of security, actionable insights, and purpose-built networks for multi-location businesses, has released its 2024 State of Remote Video Monitoring in Retail Chains report. The detailed study analyzed over 2 million monitoring requests across 4,156 retail locations in the United States from September 2023 to August 2024. Read Now

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

Featured Cybersecurity

Webinars

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3