
Security Situational Awareness – March 2023

The National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) is one of the de facto frameworks used by organisations to implement security controls and reduce cyber security risks. The current version of the framework has five high-level core functions: Identify, Protect, Detect, Respond and Recover. These functions are further broken down into various security capabilities to protect the organisation.

A major update of the CSF has been planned and NIST has released a proposal paper detailing the changes that can be expected. Two of the most significant changes in the paper are the addition of a Govern function to the existing core functions and the expansion of the Supply Chain Management content to the extent that they are considering making it an additional high-level function.

Typically, security frameworks concentrate on security controls and their implementation to reduce the risk and impact of cyber attacks on the organisation, with little focus on risk management, security policies, processes and how to measure the effectiveness of security controls. The new Govern function will address these gaps and provide a more comprehensive approach to the management and measurement of security and risk for the organisation.

Most of our efforts and resources are spent enhancing internal controls and training our staff on cyber security risks, and to a lesser extent on our supply chain security. Gaining unauthorised access through partners is becoming an increasingly effective and lucrative method, as partner controls are often easier to circumvent.

Some tips for dealing with supply chain management risk:

  • Ensure that security is incorporated into supplier agreements and contracts. These should include the expected security controls and privacy requirements, and should mandate that your suppliers report any suspected security incident that could impact your data and operations.
  • Regularly assess third party security controls.
  • Develop incident response playbooks that include the response to a breach in your supply chain.
  • Implement additional monitoring and alerting for third party access to systems and resources.

Regularly review all suppliers for compliance with security control and privacy expectations and requirements.
