The best defense against cyber threats for lean security teams
H0lyGh0st, Magecart, and a slew of state-sponsored hacker groups are diversifying their tactics and shifting their focus to… you. That is, if you’re in charge of cybersecurity for a small-to-midsize enterprise (SME).
Why? Bad actors know that SMEs typically have a smaller security budget, less infosec manpower, and possibly weak or missing security controls to protect their data and infrastructure.
So, how can you prepare for the imminent onslaught from new and emerging threat groups? You need a plan.
Start with the NIST Cyber Security Framework
The good news is you don’t have to create your security strategy from scratch. The National Institute of Standards and Technology Cyber Security Framework (NIST CSF) is one of the most respected and widely used standards in the world.
While originally designed for critical infrastructure industries, the NIST CSF is flexible enough for organizations of all sizes, sectors, and maturities to use in large part because the framework focuses on cybersecurity outcomes.
The only problem? The NIST CSF doesn’t provide guidance on how to achieve those outcomes.
Where the NIST CSF falls short
The amount of jargon and lack of actionable steps are some of the top complaints about the NIST CSF among less-resourced – yet more targeted – SMEs.
NIST proposed a significant reform to its CSF, with plans to open the public comment period soon. Among the potential changes would be to “explicitly recognize CSF’s broad use to clarify its potential applications.”
Hackers, of course, won’t wait for NIST to release more actionable security guidance – and neither should you.
Use NIST’s missing link: The Cyber Defense Matrix
Created by cybersecurity practitioner Sounil Yu, the Cyber Defense Matrix provides practical guidance for aligning your security program with the NIST CSF.
Use this guide to see how to:
- Answer practical questions about how to apply the NIST CSF to your control environment
- Map the 5 areas of infosec management against your most targeted assets
- Know what to consider when securing each of those assets
- Identify gaps in your information security program
- Understand which controls and security tools you need to close those gaps
- See the one step the NIST CSF overlooks (but that can protect you from future, repeated attacks)
This guide is no longer available.