GOVBUSINESS REVIEW, September October 2023, page 9

Complexity is all around us: if we can measure it, we can manage it

Lack of funding, complexity, staff shortages, and stress are not the only challenges cited, but as the "digitalization of everything" evolves, so too does the imperative to mature your cybersecurity program so that it can withstand current and emerging challenges.

To start, assess your current maturity level against your agency's goals and objectives. Focus on your weaknesses. This may seem overwhelming at first, but without this step you will not have a solid foundation for a successful program. Leveraging a risk-based cybersecurity framework like the well-known National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) can help. There are other frameworks like ISO 27001 and the CIS; however, the NIST CSF is quickly gaining favor in government agencies.

Choosing to implement a framework like the NIST CSF will allow your agency to:

· Assess and describe the current and targeted cybersecurity posture.
· Identify gaps in your current programs and processes.
· Identify and prioritize improvement opportunities using continuous and repeatable processes.
· Assess progress toward reaching your target cybersecurity posture.
· Demonstrate your organization's alignment with nationally recognized best practices.
· Communicate cybersecurity posture in a common language to stakeholders.

It is important to remember that the NIST CSF is a framework, not a prescriptive standard, so leverage it to mature your program in steps that directly align with your agency's unique goals, objectives, and compliance requirements. By standardizing at the organizational level on the NIST CSF, you will set your agency up to better address and manage challenges. Added benefits include better cybersecurity insurance rates and more opportunities for grant funding. Increasing numbers of government grants now require an NCSR survey, which is modeled directly on the NIST CSF.
If you have not begun examining the NIST CSF and how it can help mature your cybersecurity program, now is the perfect time to do so. With your assessment in hand, you can then develop a cybersecurity strategy and roadmap that includes the people, processes, and technology needed to achieve your goals.

Building and supporting a highly functioning cybersecurity program is like building a three-legged stool. It requires an ongoing commitment to people, processes, and technology, and all three must be in alignment to support the weight of the program. If one leg of the stool is lacking, the other two will not be able to support the weight, often leading to less than perfect outcomes. With the right architecture, framework, strategy, and a strong organizational commitment to support it, you will be well on your way to addressing current and emerging challenges and an ever-changing threat landscape.