Cybersecurity – Your Policies

As you stand before the mountain that is Cybersecurity preparation, the task can seem daunting. Make no mistake about it: this is a culture change within your organization if Cybersecurity has not been top of mind. Fortunately, there is help. I would start by reviewing the NIST framework. The NIST framework provides a guide that covers 5 areas. Those areas are Detect, Identify, Protect, Respond, and Recover. It also provides a useful spreadsheet that lists all the requirements. Navigate to https://www.nist.gov/cyberframework/framework and download the spreadsheet named “Framework V1.1 Core (Excel)”. Once it is downloaded, open the spreadsheet and grade yourself on each area: green for good, yellow for caution, red for bad. This will give you a good starting point on what you need to work on. The NIST framework is very thorough and will guide you through what is needed from a policy standpoint. A few key policies that you will need to address are:

  1. Patching
  2. User Behavior (Acceptable use, Social Media, etc.)
  3. New Users (Onboarding and Training)
  4. Risk Assessments (for new and existing applications)
  5. Equipment Inventory

Finally, make sure you develop and test a SIRP (Security Incident Response Plan). A SIRP is the plan you will follow if you have a Cybersecurity event. Develop a fictitious scenario and test this plan. Walk through your plan with your team and talk about what actions you would take. This exercise will uncover gaps and make your plan better. Do this exercise at least twice per year. Cybersecurity is everyone’s responsibility. As always, hoping this helps!

-Cheers

About the Author

Sir Seen-a-lot

An IT leader who's been through it all and just hopes to make a difference!
