Our favorite cybersecurity model is the NIST Cybersecurity Framework.
Here is a short overview of the mental bins of this framework:
Understand and Identify: Organizations need to understand and identify cyber risks to business, assets which need to be protected, as well as resources required to operate. You must know yourself and know the threat. It is also important to know best practices in defense.
Protect: Developing appropriate safeguards that can mitigate the impact of a breach of compromise of employee information or damage to your online presence are key. This is the meat of your plan. A good cyber defense will protect the right things and ensure if there is a breach that its impact is mitigated.
Detect: Current operations in defense of networks and a study of the history of cyber crime leads to the unfortunate conclusion that the bad guys will continue to breach networks and gain unauthorized access to information. When the right protections are in place their actions can be contained. Putting the right tools and processes in place to detect issues are also key to taking the right action.
Respond: When a cyber event occurs the processes should be in place to enable a rapid response. Response will depend on the nature of the incident, but could include notification of clients, partners, suppliers, law enforcement and others. It could also include bringing in outside help to push the adversaries out and improve defenses.
Recover: Planning for recovery can help return your business to normal operations as fast as possible.
Do you have other tips we should know about? Please contact us here and let us know what we should know.