NIST Cybersecurity Framework

We can assist you in assessing your Cyber Risk in accordance with best practice guidelines, including those set by New Zealand Government Agencies such as the Financial Markets Authority and the Reserve Bank.

Our Cybersecurity Advisory Programme is aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which organisations can use to:

  • Describe their current cybersecurity posture;
  • Describe their target Profile for cybersecurity;
  • Identify and prioritise opportunities for improvement within the context of a continuous and repeatable process;
  • Assess progress toward the target Profile; and
  • Communicate among internal and external stakeholders about cybersecurity risk.

The NIST Cybersecurity Framework can be used to either develop or improve upon a cybersecurity programme. Because the framework is defined by 108 sub-categories, we have automated the process of completing an initial assessment so you can get on with making improvements. Your conformance with the programme and priority areas can then be re-assessed as often as you like, so you can progress through the Implementation Tiers without the need to reproduce time-intensive reports.

Using the Framework, we will guide you in your cybersecurity activities, considering cybersecurity risk as part of your management processes. The Framework is a set of cybersecurity activities, outcomes and references, which are defined at a high level below:

  • Identify – Develop an organisational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organisation to focus and prioritise its efforts, consistent with its risk management strategy and business needs.
  • Protect – Develop and implement appropriate safeguards to ensure the delivery of critical services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event.
  • Detect – Develop and implement appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events.
  • Respond – Develop and implement appropriate activities to take action regarding a detected cybersecurity incident. The Respond Function supports the ability to contain the impact of a potential cybersecurity incident.
  • Recover – Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.

Contact us to arrange a consultation.