Skip to content
Home Info & Advice

Security Situational Awareness – March 2023

white printer paper on green typewriter

The National Institute of Standards and Technology(NIST) Cyber Security Framework (CSF) is one of the de facto frameworks used by organisations to implement security controls and reduce cyber security risks. The current version of the framework has five high-level core functions – Identify, Protect, Detect, Respond and Recover. These functions are further broken down into various security capabilities to protect the organisation.

A major update of the CSF has been planned and NIST has released a proposal paper detailing the changes that can be expected. Two of the most significant changes in the paper are the addition of a Govern function to the existing core functions and the expansion of the Supply Chain Management content to the extent that they are considering making it an additional high-level function.

Typically, security frameworks concentrate on security controls and the implementation of these to reduce the risk and impact of cyber attacks on the organisation with little focus on the risk management, security policies, processes and how to effectively measure the security control effectiveness. The new govern function will address these gaps and provide a more comprehensive approach to the management and measurement of security and risk for the organisation.

Most of our efforts and resources are spent enhancing internal controls and training our staff on cyber security risks and to a lesser extent around our supply chain security. Gaining unauthorised access through partners is becoming an increasingly effective and lucrative method as partner controls are often easier to circumvent.

Some tips in dealing with the supply management risk:

  • Ensure that security is incorporated into supplier agreements and contracts. These should include the expected security controls, privacy requirements and ensure that your suppliers are mandated to report any suspected security incident that could impact your data and operations.
  • Regularly assess third party security controls,
  • Develop incident response playbooks that include the response to a breach in your supply chain.
  • Implement additional monitoring and alerting for third party access to systems and resources.

Regularly review all suppliers for compliance of security control and privacy expectations and requirements.

Facebook
Twitter
LinkedIn
  • Read more

Related Posts

Authsignal put operations with Advantage.

As a company providing authentication services for some of New Zealand’s iconic companies, Authsignal had just one specification for its Managed Detection and Response partner: be the best.

Security audits are on the rise, and that’s a very good thing for everyone.

We’ve seen a definite increase in the number and frequency of our clients (and organisations in general) conducting cybersecurity audits.

Phishing 2.0: How AI is Amplifying the Danger and What You Can Do.

Phishing has always been a threat. Now, with AI, it’s more dangerous than ever. Phishing 2.0 is here. It’s smarter, more convincing, and harder to detect. Understanding this new threat is crucial.