Take a risk-based approach to managing cybersecurity with NIST

Many companies have had to deal with data breaches and cyber threats. This year hardly a week has passed without an organization reporting a breach. In the past two years, the cost of a ransomware attack has increased 15-fold, surpassing $5 billion in 2017. The Cisco 2017 Annual Cybersecurity Report noted that ransomware attacks have increased every year. Organizations must be aware of the risk of suffering a data breach and ensure the data they hold is safe and accurate.

According to NIST (National Institute of Standards and Technology) special publication 1800-11A, “data integrity attacks have compromised corporate information including emails, employee records, financial records, and customer data.” The NIST CSF (Cybersecurity Framework) can help organizations of all sizes and complexity prevent future security incidents or recover from one.

The NIST CSF and cybersecurity management

The NIST CSF can be used to tackle ransomware, cyber threats, and any vulnerabilities. It helps organizations reduce cybersecurity risk, prioritize investments, maximize the impact of money spent on cybersecurity, and reduce miscommunication inside and outside the organization. NIST takes a risk-based approach, which is key to effective security. The same approach is reflected in ISO 27001, the international standard that describes best practice for an ISMS (information security management system).

How do you protect your organization and start your GDPR compliance journey?

The GDPR impacts organizations not only in the EU but also worldwide. Every organization that offers services or goods to EU individuals, or that collects personal information from them, must be compliant.

One way to start your GDPR (General Data Protection Regulation) compliance journey is by implementing the international standard ISO 27001, which will help you protect your organization from a potential data breach. Achieving ISO 27001 compliance requires a risk assessment to better understand your organization’s cybersecurity posture.

Vigilant Software has designed a risk assessment software tool, vsRisk™, that includes controls not only from ISO 27001:2013 but also from NIST 800-53. vsRisk is designed to help your organization produce consistent, robust, and reliable risk assessments year after year. It can also save you time and money and ensures that organizations see consistent results over time. With vsRisk you can meet the ISO 27001 requirements for valid and comparable results.

*** This is a Security Bloggers Network syndicated blog from Vigilant Software Blog authored by Ingrid Then-Guiraut. Read the original post at: https://www.vigilantsoftware.co.uk/blog/take-a-risk-based-approach-to-managing-cybersecurity-with-nist/