7 Steps to Implement & Improve Cybersecurity with NIST
The NIST CSF provides a 7-step approach for the implementation and improvement of their cybersecurity posture utilizing the NIST CSF.
The 7-steps include:
Step 1
Prioritize and Scope. The organization identifies its business/mission objectives and high-level organizational priorities.
Step 2
Orient. The organization identifies related systems and assets, regulatory requirements, and overall risk approach and then identifies threats to, and vulnerabilities of, those systems and assets.
Step 3
Create a Current Profile. The organization develops a Current Profile by indicating which Category and Subcategory outcomes from the Framework Core are currently being achieved.
Step 4
Conduct a Risk Assessment. The organization analyzes the operational environment in order to discern the likelihood of a cybersecurity event and the impact that the event could have on the organization.
Step 5
Create a Target Profile. The organization creates a Target Profile that focuses on the assessment of the Framework Categories and Subcategories describing the organization’s desired cybersecurity outcomes.
Step 6
Determine, Analyze, and Prioritize Gaps. The organization compares the Current Profile and the Target Profile to determine gaps. Next, it creates a prioritized action plan to address those gaps that draw upon mission drivers, a cost/benefit analysis, and understanding of risk to achieve the outcomes in the Target Profile.
Step 7
Implement Action Plan. The organization determines which actions to take in regards to the gaps, if any, identified in the previous step.