Security Situational Awareness – March 2023

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is one of the de facto frameworks organisations use to implement security controls and reduce cyber security risk. The current version of the framework has five high-level core functions: Identify, Protect, Detect, Respond and Recover. Each function is further broken down into categories and subcategories of security outcomes that together describe how the organisation is protected.

NIST has planned a major update of the CSF and has released a concept paper outlining the changes that can be expected. Two of the most significant proposed changes are the addition of a Govern function alongside the existing five core functions, and the expansion of the cybersecurity supply chain risk management content, to the point that NIST is considering making it an additional high-level function.

Security frameworks typically concentrate on security controls and how to implement them to reduce the likelihood and impact of cyber attacks, with far less attention paid to risk management, security policies and processes, and how to measure whether the controls are actually effective. The proposed Govern function addresses these gaps and provides a more comprehensive approach to managing and measuring security and risk across the organisation.

Most of our effort and resources go into strengthening internal controls and training staff on cyber security risks, with comparatively little spent on the security of our supply chain. Gaining unauthorised access through a partner or supplier is an increasingly effective and lucrative route for attackers, because a partner's controls are often easier to circumvent than the target's own.

Some tips for dealing with supply chain risk:

  • Ensure that security is incorporated into supplier agreements and contracts. These should specify the expected security controls and privacy requirements, and oblige suppliers to report any suspected security incident that could affect your data or operations.
  • Regularly assess third-party security controls rather than relying on a one-off assessment at onboarding.
  • Develop incident response playbooks that cover a breach in your supply chain, including who at the supplier to contact and how to revoke their access quickly.
  • Implement additional monitoring and alerting for third-party access to your systems and resources, so that supplier accounts being used outside their agreed scope, source networks or maintenance windows are detected.

Regularly review all suppliers for compliance with your security control and privacy expectations and requirements.
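One concrete way to implement the monitoring tip above is to check every login by a supplier-owned account against what the supplier agreement actually permits. The following Python script is an added example written for this post, not code from the original article or from NIST; the supplier register, the key=value log format and the log lines are all constructed for illustration. It flags supplier logins from networks the supplier has not agreed to connect from, logins outside the agreed maintenance window, access to systems outside the supplier's scope, and repeated authentication failures against a supplier account.

```python
"""Flag anomalous third-party (supplier) account activity in access logs.

Added example, not part of the original post. The supplier register, the
log format and the sample log lines below are all constructed.
"""
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Hypothetical supplier register, derived from the supplier agreements: which
# service accounts each supplier owns, which networks it has agreed to connect
# from, which systems it may reach, and its agreed maintenance window (UTC).
SUPPLIERS = {
    "acme-hvac": {
        "accounts": {"svc-acme"},
        "networks": [ip_network("203.0.113.0/24")],
        "hosts": {"bms-01"},
        "window": (time(8, 0), time(18, 0)),
    },
    "globex-payroll": {
        "accounts": {"svc-globex"},
        "networks": [ip_network("198.51.100.0/25")],
        "hosts": {"hr-db-01"},
        "window": (time(9, 0), time(17, 0)),
    },
}

# Reverse index: account name -> owning supplier.
ACCOUNT_OWNER = {acct: name for name, s in SUPPLIERS.items() for acct in s["accounts"]}

# Number of failed logins on one supplier account that triggers an alert.
FAILURE_THRESHOLD = 3

# Constructed sample log (hypothetical key=value format, one event per line).
SAMPLE_LOG = """\
2023-03-06T09:15:02Z user=svc-acme src=203.0.113.10 host=bms-01 result=success
2023-03-06T23:41:17Z user=svc-acme src=203.0.113.10 host=bms-01 result=success
2023-03-06T10:02:44Z user=svc-acme src=192.0.2.77 host=bms-01 result=success
2023-03-06T10:30:00Z user=svc-globex src=198.51.100.20 host=fileserver-02 result=success
2023-03-06T11:00:01Z user=svc-globex src=198.51.100.200 host=hr-db-01 result=failure
2023-03-06T11:00:05Z user=svc-globex src=198.51.100.200 host=hr-db-01 result=failure
2023-03-06T11:00:09Z user=svc-globex src=198.51.100.200 host=hr-db-01 result=failure
2023-03-06T12:00:00Z user=jsmith src=10.0.0.5 host=hr-db-01 result=success
"""


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict with a datetime 'ts'."""
    ts, *fields = line.split()
    event = dict(field.split("=", 1) for field in fields)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event


def evaluate(event):
    """Return the names of the supplier-policy rules this event violates.

    Events for accounts not owned by a supplier are out of scope and return [].
    """
    supplier = ACCOUNT_OWNER.get(event["user"])
    if supplier is None:
        return []
    policy = SUPPLIERS[supplier]
    findings = []
    src = ip_address(event["src"])
    if not any(src in net for net in policy["networks"]):
        findings.append("source_outside_supplier_network")
    start, end = policy["window"]
    if not (start <= event["ts"].time() < end):
        findings.append("outside_agreed_window")
    if event["host"] not in policy["hosts"]:
        findings.append("host_outside_supplier_scope")
    return findings


def scan(log_text, failure_threshold=FAILURE_THRESHOLD):
    """Run the rules over a log; return (account, rule, raw_line) alerts in order."""
    alerts = []
    failures = {}  # supplier account -> count of failed logins seen so far
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        for rule in evaluate(event):
            alerts.append((event["user"], rule, line))
        # Repeated failures on a supplier account hint at credential guessing
        # or a supplier whose credentials have been rotated without telling us.
        if event["user"] in ACCOUNT_OWNER and event.get("result") == "failure":
            failures[event["user"]] = failures.get(event["user"], 0) + 1
            if failures[event["user"]] == failure_threshold:
                alerts.append((event["user"], "repeated_failures", line))
    return alerts


if __name__ == "__main__":
    for account, rule, raw in scan(SAMPLE_LOG):
        print(f"ALERT {rule:32} {account:12} {raw}")
```

In practice the supplier register would be loaded from the same source of truth used for contract reviews, so that a change to a supplier's agreed networks or window is reflected in the detection logic automatically; the point of the example is that third-party accounts are judged against their contract, not against the baseline used for your own staff.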
