NIST-Based Cybersecurity Resilience Assessment

Addressing Cybersecurity Risk for Critical Sectors

According to the US Department of Homeland Security, the national and economic security of the United States depends on the reliable functioning of its critical infrastructure, which includes the assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, or national public health or safety.

To better address cybersecurity risk across all critical infrastructure sectors, Presidential Executive Order 13636 called for the development of a voluntary risk-based Cybersecurity Framework. The National Institute of Standards and Technology (NIST) was chosen to design the Cybersecurity Framework.

Sage’s Collaborative Approach

The NIST Framework for Improving Critical Infrastructure Cybersecurity uses business drivers to guide control activities. The framework enables organizations – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to improve security and business resilience.

The Framework Core consists of five concurrent and continuous process-driven security domains:

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover

When considered together, these functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk.

Sage’s NIST Cybersecurity Resilience Assessment is designed to provide organizational context for cybersecurity risk and the processes in place to manage that risk. The outcome of the assessment will include identified gaps against the framework’s objectives, the cybersecurity risk posed by those gaps, as well as a roadmap to close those gaps in order to increase maturity in each of the framework’s five functional areas.

Reports and Recommendations

The outcome of Sage’s NIST Cybersecurity Resilience Assessment includes:

  • Documentation of cybersecurity controls.
  • Assessment of the maturity (tier) of the organization’s information security/cybersecurity program. The Tiers range from Partial (Tier 1) to Adaptive (Tier 4) and describe an increasing degree of rigor and sophistication in cybersecurity management practices.
  • Identification of gaps for each tier, with recommendations for increasing cybersecurity maturity.

No one is immune to cyber-attacks

Are you struggling to find the time to effectively monitor your network for potential threats? Let nDiscovery do the detective work for you! We translate generic threat data into specific actionable intelligence – cutting through the noise so you can focus on what is truly important.
