NIST

National Institute of Standards and Technology

IDENTIFY

Understand what you have in the organization

PROTECT

Figure out how you are going to protect the things you identified before

DETECT

Ongoing monitoring for breaches and other infiltration

RESPOND

Define ways to respond when a breach occurs.

RECOVERY

Bring the tenets necessary to your business back up to 100% once you have responded.

We can implement this in 4 steps:

  1. Assess current controls/control access to data sensibly

  2. Find where you want to be and how to get there

  3. Create a plan to measure success

  4. Implementation and ongoing control

Step 1: How are you handling threat information today? How often are vulnerability scans performed? When was the last time recovery processes and procedures were tested?

Step 2: Gap analysis. Share results with the board. Remediation steps.

Step 3: Goals and benchmarks. Utilize the NIST assessment as gap analysis. Create project plan.

Step 4: Follow standards and set forth ongoing controls. Utilize tools/technologies that help you align. Establish an annual cost/benefit analysis. Defense in depth strategy. Continuous testing.
