
NIST FRAMEWORK:
Our Approach to
Cybersecurity
WHY NIST? The National Institute of Standards and Technology’s (NIST, founded in 1901) Cybersecurity Framework is the gold standard in the industry to improve critical infrastructure cybersecurity. YOU deserve the best.
This framework enables your organization to apply the principles and best practices of risk management to improve security and resilience.
Overarching goal – Reduce and better manage cybersecurity risks, improving YOUR security posture and resilience.

Framework function
A set of cybersecurity activities, desire outcomes, and references common across critical infrastructure sectors.
standards, guidelines, & practices
This process is engaged continuously to continue to learn and improve.

The focus is on the business and how it relates to cybersecurity risk. This is time to review all resources at hand. Lays groundwork for cybersecurity-related actions that clients will take moving forward. Review: what is currently in the environment, risks associated with environments, how it relates in context with the business’ goals.
Allows us to understand all assets and environments, define current and desired states of controls to protect those assets, and a plan to move from current to desired state of cybersecurity.

Supports the ability to limit or contain the impact of a potential cybersecurity event.
This is the proactive step in the framework; access control and awareness/training.

Enables the timely discovery of cybersecurity events.
Prepare your team to have the knowledge to collect and analyze data from multiple points to detect a cybersecurity event.

This function employs response planning, analysis, and mitigation activities. Incident response plan is developed and implemented, ensuring compliance with necessary reporting requirements encrypted and transmitted securely.
What steps are you willing to take to remediate identified risks to your organization?

Recovery procedures are tested, executed, and maintained so that your program can mitigate the effects of an event sooner rather than later.
Recovery planning and processes are improved when events happen, and areas for improvement are identified and solutions put together.
