{"id":4091,"date":"2020-01-24T09:08:25","date_gmt":"2020-01-23T21:08:25","guid":{"rendered":"https:\/\/kinetics.co.nz\/?p=4091"},"modified":"2020-01-24T09:08:25","modified_gmt":"2020-01-23T21:08:25","slug":"with-yet-another-it-security-warning-from-the-nsa-were-being-asked-so-what-is-best-practice","status":"publish","type":"post","link":"https:\/\/new.kinetics.co.nz\/?p=4091","title":{"rendered":"With yet another IT security warning from the NSA, we’re being asked “so what is best practice?”"},"content":{"rendered":"

[et_pb_section fb_built=”1″ admin_label=”section” _builder_version=”3.22″][et_pb_row admin_label=”row” _builder_version=”3.25″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text admin_label=”Text” _builder_version=”4.9.1″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” hover_enabled=”0″ sticky_enabled=”0″]<\/p>\n

Aligning with NIST…..?<\/strong><\/h2>\n

Is your Cybersecurity protection matching best practice?<\/strong><\/h3>\n

Clearly the cybersecurity stakes are higher.\u00a0 The security precautions that used to be reasonable are no longer enough.<\/strong>\u00a0 Stakeholders expect businesses to do more \u2013 whether it\u2019s your insurer, your bank, your shareholders or your clients.<\/p>\n

The best guidance on \u201creasonable\u201d is the \u201cNIST\u201d Cybersecurity Framework.\u00a0 This is also reflected in NZ in the government\u2019s CERTNZ programme.<\/p>\n

So what is NIST, and how does Kinetics help you match the standard?<\/strong><\/h2>\n

The great news is that we\u2019ve built our KARE for Security service following this guidance.<\/p>\n

So, what do you need to do to match \u201creasonable\u2019? Is KARE for Security enough?<\/p>\n

 <\/p>\n

In 2018 the US Department of Commerce, National Institute of Standards and Technology (NIST) released version 1.1 of its Cybersecurity Framework.\u00a0 The Framework was mandated by the US government to improve cybersecurity risk management in critical infrastructure.\u00a0 Because it references globally recognized standards for cyber\"\"<\/a>security, the Framework is used internationally as a guide to strengthening cybersecurity in critical infrastructure as well as other sectors and communities.<\/p>\n

The Framework consists of five Core Functions which organise the basic cybersecurity activities at their highest levels.<\/p>\n

Kinetics KARE For Security practices and features align with the five Core Functions. The list of features implemented, and the degree of their implementation, can vary from client to client depending on the client\u2019s commitment, technology and business needs.<\/p>\n

Identify<\/h3>\n

 <\/p>\n

NIST Description Develop an organisational understanding to manage cybersecurity risk to systems; people; assets; data; and capabilities.<\/p>\n

The activities in the \u2018Identify\u2019 function are foundational for effective use of the Framework.<\/p>\n

Understanding the business context; the resources that support critical functions; and the related cybersecurity risks enables an organisation to focus and prioritise its efforts; consistent with its risk management strategy and business needs.<\/p>\n

Examples of outcome categories within this function include: Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy”]<\/p>\n

KARE for Security A FlightPlan review covering your technology; governance, risk identification and options on how to reduce it.<\/p>\n