New Cybersecurity Guidelines Released by White House, Part 2

New Cybersecurity Guidelines Released by White House, Part 2

Framework Implementation Tier selection considers the following about your business:

  • Current risk management practices;
  • Threat environment;
  • Legal requirements;
  • Business objectives; and
  • Organizational constraints.

New Cybersecurity Guidelines Released by White House, Part 2I suggest the executive team of the company meeting with key employees and identifying the 5 characteristics above. The more your company identifies up front with accuracy, the easier it will be to identify the correct tier.

To choose the correct tier, be sure that the level you select meets your organization’s goals, that your organization can implement it and that it reduces risks to critical assets and resources. It is recommended to leverage guidance from governmental departments and agencies, Information Sharing and Analysis Centers (ISAC), existing models and other sources to help in determining the correct tier.

Progression to higher tiers is encouraged when it would be cost effective and reduce cybersecurity risk for your organization.

Tier 1: Partial

Your company belongs here if:

  • No cybersecurity risk management practices are identified;
  • Risk is managed reactively;
  • There is a limited awareness of cybersecurity risk;
  • Cybersecurity risk management is implemented on situation by situation basis;
  • Organization has no processes in place to collaborate with others.

Tier 2: Risk Informed

Your company belongs here if:

  • Risk management practices are approved by management but not established as a company policy;
  • Company-wide approach to managing cybersecurity risk is not established;
  • Process and procedures are defined;
  • Employees has resources to perform cybersecurity tasks;
  • Cybersecurity information is shared within organization informally; and
  • Knows organization knows its role but is not capable of sharing information externally.

Tier 3: Repeatable

Your company belongs here if:

  • Cybersecurity risk management practices are identified, expressed as policy and updated regularly;
  • Have a company-wide approach to managing cybersecurity risk;
  • Policies, processes and procedures are defined, implemented and reviewed;
  • Methods in place to respond effectively to risk changes;
  • Employees know how to performed roles; and
  • Organization collaborates with others in risk management decisions.

Tier 4: Adaptive

Your company belongs here if:

  • Adapts cybersecurity practices based on lessons learned and predictive analysis;
  • Actively adapts to changing cybersecurity risks;
  • Effectively responds to threats in a timely manner;
  • Uses company-wide risk-informed policies, processes and procedures to address potential cyber threats;
  • Cybersecurity risk management is part of company’s culture;
  • Cybersecurity risk management evolves from awareness of previous events, information shared by other sources and continuous awareness of own systems and networks; and
  • Actively shares risk management information with partners.

By no means is this meant as a complete “how-to” guide to the cybersecurity framework; however, I believe that it gives a brief overview and identifies how effective this framework can be if organizations will take the time to identify their characteristics and use those details to accurately determine the company’s sense of cybersecurity management.

About the Author

Ginger Hill is Group Social Media Manager.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.