Review Updates to Security Frameworks


If you are using a framework to manage your security program, now is a good time to check and see if there have been any recent updates that might be relevant to your organization.

Prioritize Security Controls

If you are looking for a framework to start with, the Center for Internet Security (CIS) has made it easier to prioritize security controls with the release of CIS Controls Version 7.1 and the introduction of Implementation Groups. By using CIS Controls V7.1 and the Implementation Groups, organizations can realize benefits such as:

  • Creating an effective cybersecurity program on a budget
  • Practicing cyber hygiene with limited resources and expertise
  • Prioritizing their cybersecurity efforts

Risk Management Framework

In December of 2018, the National Institute of Standards and Technology (NIST) published an update to the Risk Management Framework (RMF), which is used extensively by the Federal Government and Department of Defense. SP 800-37 Revision 2 provides a disciplined, structured, and flexible process for managing security and privacy risk that includes information security categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring. The RMF includes activities to prepare organizations to execute the framework at appropriate risk management levels.

Exercise Your Technology Continuity of Operations Plan

Businesses use technology to quickly and effectively process information. Employees use electronic mail and Voice over Internet Protocol (VoIP) telephone systems to communicate. Electronic data interchange (EDI) is used to transmit data, including orders and payments, from one company to another. Servers process information and store large amounts of data. Desktop computers, laptops and wireless devices are used by employees to create, process, manage and communicate information. Organizations rely on the Internet to connect to many cloud applications.

What do you do when your technology stops working? has some resources for information technology disaster recovery planning

Most polls and studies show that fewer than half of all businesses and organizations exercise their Continuity of Operations (COOP) plan on an annual basis. The technology piece within that COOP is imperative in the connected world we live in.

Cyber-attacks, power outages, and Internet outages are all good scenarios for seeing how your organization reacts when technology is unavailable for a period of time.

Contact ICN to help with your security needs.