The need for effective security is not limited to large organisations. Smaller organisations equally need to consider the importance of the information they hold, and the impact on their business and customers if this information fell into the wrong hands or was no longer available.
While there are many best practice standards available to guide good security implementation, their relevance and ability to be applied in smaller organisations may not be clear. This can make it difficult for smaller organisations to determine the scope and extent of security controls that they can practically implement, and whether they have the internal capability to do so.
As highlighted in a recent podcast interview with AEMO’s Chief Security Officer, Tim Daly, standards like the NIST Cybersecurity Framework are available for organisations of all sizes to use. The interview also highlighted partnering with a service provider for assistance where internal expertise may not be available.
How can the NIST framework help? While comprehensive and detailed in nature, the framework still offers a good model for smaller organisations to adopt, being based around a lifecycle approach to cybersecurity-related risk. It aims to guide organisations to:
- Identify the information and services that are important to the organisation
- Protect those important assets by proactively identifying and implementing security measures at a level appropriate for the organisation
- Detect malicious or unauthorised activities that could put the organisation’s information and services at risk
- Respond to those activities effectively to minimise any impacts
- Recover any impacted information or services in a planned, timely and effective manner.
Still not sure where to start and what to do? Alcorn Group can work with your organisation to perform a NIST capability and gap assessment to help determine your organisation’s current security posture. We can also provide recommendations on appropriate cybersecurity measures to address any gaps and guide you on their implementation. These activities together will help your organisation achieve the first two stages of the NIST framework – “Identify” and “Protect”.
Do you need a trusted partner to perform those ongoing security functions that your organisation does not have the internal capability to deliver? Alcorn Group can tailor a managed security service to fit your organisation’s needs. From effectively planning for and responding to cybersecurity incidents, through to assisting with returning impacted services to normal operations, our managed security service solutions will help your organisation achieve the final three phases of the NIST framework – “Detect”, “Respond” and “Recover”.