<strong>July</strong> <strong>2021</strong><br />
THE VALLEY BUSINESS JOURNAL<br />
www.TheValleyBusinessJournal.com<br />
NIST – Achieving Alignment in Cybersecurity<br />
Technology has always been a dynamic market. The traditional focus has moved from hardware and software to virtualization and the cloud. But data has clearly been designated as the true prize, and in the unpatrolled world of the Internet, it is up to you to secure it. You can have the fastest car in the lot, but take it down a dirt road and you’re in trouble. The difficulty with protecting data thus far has been the lack of standardization in how to go about protecting it, but the Cybersecurity Framework (CSF) developed by the National Institute of Standards and Technology (NIST) is providing the foundation that has been missing.<br />
Though NIST is part of the Department of Commerce, companies are not mandated to follow any of its standards unless they work with the Federal Government, where it is a contractual provision. The value of the CSF to businesses that do not serve the government is a common language around cybersecurity and future-proofing your security posture for regulations to come. Both the California Consumer Privacy Act and the New York Department of Financial Services Cybersecurity Regulation use NIST guidelines in their framework, and many other states are rolling out new laws forcing businesses to have formal cybersecurity policies.<br />
The topic of cybersecurity is often met with an “it’s not going to happen to me” attitude, even though you’ve probably received breach notification emails from companies you’ve given your personal information to. In 2018 alone, 5 billion sensitive records were compromised. Picture for a moment how your business would be affected if you had to send your employees and customers an email saying that their personal information had been compromised. Will they trust you moving forward? What will you need to do to repair the relationship? What will the government fine you for the breach?<br />
The NIST framework can be applied to a business of any size. Getting your arms around the basics is the best way to start building your cybersecurity posture. The core of the framework is broken down into 5 functions:<br />
Identify – Think through all of your systems, people, assets, data and capabilities.<br />
Protect – Implement your safeguards and conduct ongoing maintenance.<br />
Detect – Processes and procedures for timely detection are crucial to mitigate loss.<br />
Respond – A cybersecurity response plan details the how, who and what when there is no time to waste.<br />
Recover – Create a plan to be resilient and restore operations back to normal.<br />
Beyond the potential for loss of business and reputation damage, a data security breach in itself can cost you a significant amount of money, from data recovery to fines. By working through the 5 NIST functions to begin your framework, you’ll be able to clearly gauge your acceptable risk level and plan out where action is needed in your environment.<br />
While this can be done in-house, depending on your particular talents, an outside specialist will be able to assess your infrastructure from a different perspective and is usually the best source for up-to-date information and process control. Whatever your path, it needs to get done.<br />
Mythos Technology is an IT consulting and management firm that provides Managed Technology Services including hosted cloud and compliance solutions. For more information, please visit www.mythostech.com or call (951) 813-2672.<br />
TECHNOLOGY
by James Laszko
by Steve Fillingim
MYTHOSTECH.COM