NIST Cyber Security Framework

In 2013 the US President issued an Executive Order titled “Improving Critical Infrastructure Cybersecurity”.  This order established that it was the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure.  As a result, the National Institute of Standards and Technology (NIST) released the NIST Cybersecurity Framework in 2014.

NIST is the US federal organisation responsible for providing technical leadership and globally it is considered one of the preeminent sources of cyber security guidelines, recommendations and reference materials.

The NIST Cybersecurity Framework provides a policy framework for organisations to assess and improve their ability to prevent, detect, and respond to cyber attacks.

When NIST released the Cybersecurity Framework, it was originally intended for organisations responsible for critical infrastructure in the United States.  Since then it has widely adopted by many other businesses, both in the US and around the world.

 

NIST framework for small business

In 2016 NIST recently released Report 7621 Revision 1 (NISTIR 7621r1), Small Business Information Security: The Fundamentals.  This is an interpretation of the Cybersecurity Framework for small business and provides guidance on how small businesses can provide basic security for their information, systems, and networks.

The NISTIR 7621r1 publication aims to help small businesses develop a basic, risk-based program to understand and protect their business information.  It describes how cybersecurity works in conjunction with a variety of other security-related components, such as physical security, personnel security, contingency planning and disaster recovery, operational security, and privacy.  The guidance further describes why small business leaders should provide information security.

 

Ignite cyber security framework

The Ignite Systems Cyber Security Framework is an adoption of the globally recognised NIST (National Institute of Standards and Technology) Cyber Security Framework.  This framework emphasises the importance of a risk management approach and has been designed for use with small businesses in any sector.

The Ignite Systems Cyber Security Framework details a comprehensive set of arrangements intended to provide a small business with a level of security for their information, systems, and networks, based on current cyber security best practices.  It is the basis for the development and delivery of the Ignite Systems technology management services, and it also forms the basis for the Ignite Systems Cyber Security Risk Report.

Consistent with the NIST Cyber Security Framework, the Ignite Systems Cyber Security Framework comprises five areas of focus that form the security life cycle; Identify, Protect, Detect, Respond and Recover. These five categories are further broken down into sub-categories, as shown in this diagram.

Identify – An understanding of the cyber security risks in relation to systems, assets, data, and capabilities.

Protect – Measures to protect and maintain critical infrastructure services.

Detect – Processes to identify the occurrence of a cyber security event.

Respond – Arrangements to act regarding the detection of a possible cyber security event.

Recover – Plans and restoration procedures to reinstate capabilities or services impaired due to a cybersecurity event.