How to use Cyber Security Framework

We keep hearing about new discoveries and inventions in the field of information technology every day. Information technology is a vast field that contains a lot of subfields. Artificial intelligence is one of the fields that is a hot topic nowadays, and there is a lot of research going on around it. The main motive of scientists is to make a machine that acts and thinks like a human. It seemed quite impossible when it started, but there has been progress in the field. Who does not know about Siri from Apple and Alexa from Amazon? They are a kind of algorithm that talks to you, answers you and does as you ask. They perform your in-phone tasks like calling, messaging, playing music, etc. They can do the searching for you over the internet as well. Those are some examples that we have used or seen. Other things are happening with the help of robots and artificial intelligence: robots are serving food in restaurants and delivering it to hotel rooms. So far, all of this is confined to narrow intelligence. Artificial general intelligence is what scientists are after now. It does seem impossible for now, but anything can happen in the future.

Technology has been an important part of our life, and it has also transformed our lifestyle for the better. There are some cons of using technology as well. We rely on these technologies so much that it is now affecting our health. We have become lazier than we have ever been before. We can do everything from home, so nobody really bothers to go out for anything.

What is Cyber Security

We use technology for things like shopping, booking travel tickets and storing our data. All of that is pretty convenient for us, but there is always a risk of cyber threats that keeps haunting us. We are always on the verge of losing our data if any kind of cyber attack takes place. Securing our data and internet-connected assets from all cyber threats is called cyber security. There are multiple ways of doing that. We can hire a cyber security expert to do that if we are using our personal cloud; otherwise, cloud service providers take care of the security of your data.

Using Cyber Security Framework

When we talk about our most valuable assets, data is obviously one of them, and that alone tells us how important cyber security is. A cyber security framework is a set of standard rules and guidelines that is used to manage and avoid security risks. The basic reason for creating frameworks was to let organizations know how to avoid and decrease potential risks. Some cyber security frameworks are discussed below.

  • PCI DSS (Payment Card Industry Data Security Standard): The set of rules and standards for securing payment-related data.

  • ISO 27001/27002 (International Organization for Standardization): The set of rules and standard guidelines for securing and managing information.

  • CIS (Critical Security Controls): The set of standard rules and guidelines on how to carry out cyber protection.

  • NIST Framework: The set of standard activities and rules that help organizations improve their cyber security. It works as hands-on cyber security training for organizations.

Implementation of Cyber Security Framework

There are a lot of cyber security frameworks available, and you can learn everything about them in any network security training course. We will see how to implement and use the NIST framework. There are six steps to implementing this framework.

  1. Set Your Goals

Setting goals is the first thing in implementing a security framework. These goals are related to data security. In this step you prioritize your areas of security, deciding which area needs the most protection and so on. It organizes your actions by establishing a pattern in your security actions.

  2. Create a Detailed Profile

Your organization may need cyber security or it may not. NIST is a framework with a set of standard rules that can be applied to various industries, and its application can differ from organization to organization. There are four tiers to help you identify what kind of rules you need. The first tier is partial, in which there are very few cyber security activities. In the second tier are companies that are aware of some cyber threats and work on how to respond to them. In the third tier are companies that go through cyber security practices repeatedly, and in the fourth tier are companies that believe in the quote ‘Prevention is better than the cure’. They take all the preventive steps to stop any and all of these attacks from happening.

  3. Determine Your Current Position

Determining your current position in terms of cyber security is important. A risk assessment will reveal what is working right and where you need to work to reach the benchmark set by the NIST framework. One way of assessing your system is penetration testing. You can hire a professional to do that for you.

  4. Analyzing Gaps and Identifying Needed Actions

When the assessment tests are done, you get to know the less secured areas in your system. That is when you know which areas you need to work on to make your system secure. This also helps you prioritize when making a plan for NIST. This is a crucial step in implementing any security framework such as NIST, and we need to have sufficient knowledge about it. It is now easy to learn this quickly from online information security training courses.

  5. Implement Your Plan

After doing all the previous steps, you finally have a plan in hand that is ready to be implemented. All the knowledge you gathered about your current system’s security state will help you start removing the vulnerabilities. But there is one important thing to remember: it is not a one-time thing, and if you want to keep your system safe you will have to keep doing this activity every now and then.

  6. Using NIST Resources

Once the framework is implemented, you should use the resources of that framework to make sure things stay fine. For example, in the NIST framework, using a secured file sharing solution is a recommendation to ensure security and speed.