Appalachia Technologies Blog


NIST CSF 2.0 (Part 2) - Webinar Breakdown and Insights

In late February, NIST (National Institute of Standards and Technology) released the NIST Cybersecurity Framework (CSF) 2.0, a considerable update since its creation in 2014.  To help our cybersecurity community and businesses digest the changes, Mike Miller and a team from Appalachia Technologies recently held a lunch and learn webinar.  The webinar provided a mixture of voices and perspectives.  After the event, we asked each member of the panel for their thoughts on what’s most important about NIST CSF 2.0 and the discussions that came from the webinar. 

GRC and vCISO Practitioners

As vCISOs, Jimmy Armour and Yoel Alvarez, along with others, frequently assist organizations with the creation, documentation, and revision of policies and procedures. Their goal is to determine an organization’s current status and help shape the way forward toward maturity.

Jimmy Armour, vCISO

  • Only your organization can determine if the NIST CSF is the best framework for your organization. The NIST CSF might be a great fit for your organization, or there may be another framework that is a better fit. Do you have any compliance requirements?  Compliance can be a driver for choosing the best framework for your organization.  By determining the ‘Why’ behind increasing your cybersecurity maturity, you can more easily focus in on the best fit.
  • Your organization’s path may not be the same as other organizations. The risks to your business are specific to your business, therefore your path to achieving cybersecurity will be unique.
  • ‘What’s good enough?’ is a question that should be asked frequently. This is a question to ask when looking at each control and each domain to determine what you’re targeting. This question is really best answered by performing a risk assessment to understand your current position on all risks and determine if they have been appropriately addressed.  Also, a risk assessment will help decide where different risks reside in your risk appetite.

Yoel Alvarez, vCISO

  • NIST CSF is a great starting point regardless of the compliance requirements or the industry. But why stop there - why not take it to the next level? That's where GRC tools shine the brightest, turning what could have been another spreadsheet into a full Governance, Risk and Compliance program. GRC tools allow you to map individual controls to Policies, Procedures, Risks, Evidence, Assets and Action Items, among other features. Then the tool can be used to wrap it all up into a clean and manageable Dashboard to aid you when presenting to audiences of all levels.
  • It is best practice to use more than one framework or standard when tracking compliance. Most organizations struggle with one, let alone two - unless you have a GRC tool. With a GRC tool, crosswalking multiple frameworks or standards becomes manageable and presentable.

Red Team / Penetration Tester

Joel Prentice’s perspective adds a twist to the conversation. As someone who is routinely asked to test companies’ cybersecurity by attempting to penetrate the network, he shared how the NIST CSF pays off. Rather than a view from the side of creating policies and procedures for a business to follow, he shared how following a framework can play a role in keeping an attacker out of a network.

Joel Prentice, Red Teamer/Ethical Hacker

  • The NIST CSF offers a great roadmap for creating policies and procedures. If an organization is not very mature in their cybersecurity, the NIST CSF is a great place to start. At the same time, the CSF may also help companies to align to any required compliance frameworks.
  • NIST CSF helps to ensure day-to-day operations such as configuration of equipment or patching schedules are being followed.
  • When implemented and adhered to, the NIST CSF can reduce your risk of being breached, or allows for a swifter recovery. Attackers are looking for holes in identification, detection, and protection.

Mike has served as a vCISO for numerous organizations, providing guidance on how to mature an organization’s cybersecurity, and in many cases helping to implement a security framework.  Before he moved into this space, he founded a company that provided cybersecurity services, including penetration testing.  Mike brings both the GRC and Red Team perspective to the table.

Mike Miller, vCISO and former Red Teamer

  • Small organizations with small IT teams can still use the NIST CSF and will strengthen their security postures by implementing even just a few more things than before.
  • There are several frameworks. If you are not currently following any of them, starting with the NIST CSF will get you closer to compliance on future frameworks that your organization might be held to (SOC 2, PCI, etc.).
  • There is no silver bullet that will make your organization secure. We help build a stronger security posture by pushing forward little by little. It's a marathon, not a sprint.  Set short-term and long-term goals.

Executive

Terri Bendl is often included in conversations with decision-makers, some of whom are not technical or involved in IT or cybersecurity, while others are technical yet tasked with balancing their needs against other business initiatives. Her experience helps support the IT and cybersecurity teams when they are trying to get buy-in to move important projects forward.

Terri Bendl, Vice President of Sales & Marketing

  • The NIST CSF is a great tool to use for communicating your current cybersecurity posture to Executives. As a framework of best practices that’s widely used by businesses across many industries, it provides an objective (not subjective) view that IT Departments can use to present a compelling business case to the financial decision-makers when making additional asks for resources (staff, tools, outsourced services, etc.)
  • Focus on business-level discussions and translate how your initiatives combined with having a good cybersecurity hygiene can protect the brand and protect against financial loss. It can also be positioned as a competitive advantage, resulting in increased revenue through winning deals. We have clients with real-world examples of this!

These perspectives on NIST CSF 2.0 highlight the framework's flexibility and adaptability. Regardless of your current approach to cybersecurity, there's likely value in exploring how NIST CSF can benefit your organization.  Ready to discuss how NIST CSF aligns with your needs?  Our team can help you build a case for implementation based on the insights you gained here.

Be sure to check out Part 1 on the NIST CSF 2.0 changes!
