What is a National Institute of Standards and Technology (NIST)?
The National Institute of Standards and Technology is a non-regulatory government agency that develops technology, metrics, and standards to drive innovation and economic competitiveness at U.S.-based organizations in the science and technology industry. As part of this effort, NIST produces standards and guidelines to help federal agencies meet the requirements of the Federal Information Security Management Act (FISMA). NIST also assists those agencies in protecting their information and information systems through cost-effective programs.
Applicability
NIST is a federal agency within the United States Department of Commerce. NIST’s mission is to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life. NIST is also responsible for establishing computer- and information technology-related standards and guidelines for federal agencies to use. Many private sector organizations have made widespread use of these standards and guidelines voluntarily for several decades, especially those related to information security.
Objective
The NIST CSF uses these 5 core areas to evaluate security controls:
- Identify
- Protect
- Detect
- Respond
- Recover
These five areas represent the lifecycle of cybersecurity risk. Each area has categories tied to specific needs and activities. Each category is further broken down into subcategories, standards, guidelines, and practices which are needed to accomplish the outcome for that category.
Approach
Our approach has been covered in phases as mentioned below:
Phase 1: Understand Business Process
Understanding the environment and management’s expectations along with the policies and procedures.
Phase 2: Identify Risks and Controls
Identify target processes and understand the process flow, risk, information assets and controls pertaining to processes.
Phase 3: Controls Design Testing
Identify controls based of NIST and prepare the issue and opportunity registers, test the control design and identify deficiencies. Prepare risk mitigation plan and calculate the residual risks.
Phase 4: Controls Evaluation
Perform internal audit and identify the control weaknesses and impact of deficiencies.
Phase 5: Reporting
Why CyberSRC®?
Established in January 2018, CyberSRC Consultancy offers the full machination of cyber security services ranging from threat intelligence, VMS to general advisory services in areas pertaining to Cyber security such as vulnerability attacks, compliance, and cyber security regulations, and laws. We are into system audits such as ISNP Audits, NBFC Audits, UCB Audits, PPI Audits, and SEBI Audits. We provide our solutions with better accountability. We are a certified assurance firm. We are an ISO 27001 certified organization, backed by a very diverse and dynamic team which have a combined experience.