We can assist you in assessing your Cyber Risk in accordance with best practice guidelines, including those set by New Zealand Government Agencies such as the Financial Markets Authority.
Our Cybersecurity Advisory Programme is aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which organisations can use to:
- Describe their current cybersecurity posture;
- Describe their target Profile for cybersecurity;
- Identify and prioritise opportunities for improvement within the context of a continuous and repeatable process;
- Assess progress toward the target Profile; and
- Communicate among internal and external stakeholders about cybersecurity risk.
The NIST Cybersecurity Framework can be used to either develop or improve upon a cybersecurity programme. Given that 108 sub-categories define the framework, we recommend automating your programme where possible. The main phases are assessing your current profile and your target profile and, based on the variances between them, establishing a roadmap of improvement actions.
Your conformance with the programme and priority areas can then be re-assessed as often as you like without the need to reproduce time-intensive reports. At a high level, your programme should include at least the following outputs:
Respond and Recover Key Considerations
Much attention is paid to the three functions of “Identify”, “Protect” and “Detect”. But what if you suffer a cyber-attack? How prepared are you to “Respond” and “Recover”? These are the two functions that Incident Response and Forensic Technology specialists most commonly deal with. Regardless of the maturity of your organisation's cybersecurity profile, we recommend ensuring you have at least considered the following NIST recommendations:
- systems or assets affected by cybersecurity incidents.
- Improve response and recovery planning by incorporating lessons learned into future activities.
NIST Resources to Improve Forensic Preparedness
The NIST website provides numerous resources to assist, including:
- NIST Cybersecurity Framework Implementation Tiers
- Forensic procedures in the event of a cybersecurity incident. Examples include the ‘Computer Forensic Reference Data Sets’, which consist of documented sets of simulated digital evidence for examination.