The National Institute of Standards and Technology (NIST) released a new recommended cybersecurity framework aimed at reducing risks to critical information technology infrastructures. At this time, the framework is not mandatory for financial institutions, but it is supported by many national industry associations and regulatory bodies.

 The Framework

Regardless of your organization's size, degree of cybersecurity risk or sophistication, implementing this new framework will allow your institution to apply the principles and best practices of risk management to improve the security and resilience of its critical infrastructure.

Designed to form an operational culture that addresses the dynamic nature of cybersecurity risk, the framework's core includes five functions supporting related business activities:

  1. Identify: Developing the organizational understanding needed to manage cybersecurity risks to systems, assets, data and capabilities. This function assists in improving asset management, business environment, governance, risk assessment and risk management strategies.
  2. Protect: This function supports access control, awareness and training, data security, information protection processes and procedures, maintenance and proactive technology. It creates and implements the appropriate safeguards to ensure delivery of critical infrastructure services.
  3. Detect: Enabling timely discovery of cybersecurity events, this function helps implement appropriate activities to identify issues. It guides anomaly and event handling, security continuous monitoring and the detection process within an institution.
  4. Respond: Ensuring that action is taken when a cybersecurity event occurs, this function helps develop proper response planning, communications, analysis, mitigation and improvement processes.
  5. Recover: This function prompts timely recovery to normal operations and reduces the impact of a potential cybersecurity event. It assists in putting recovery planning, improvement processes and communications in place.

For more information on how to implement this cybersecurity framework at your financial institution, contact our IT Assurance and Security Group specialists in Michigan, Houston or Ft. Lauderdale.