Industry standards and best practices to manage cybersecurity risks
In response to Presidential Executive Order 13636, NIST worked with the private sector to develop the Framework for Improving Critical Infrastructure Cybersecurity. The Framework takes a risk-based approach and has three parts.
- The Core specifies a set of functions, categories and subcategories, each mapped to informative references (existing standards and guidelines), to achieve desired cybersecurity outcomes.
- A Profile represents the outcomes an organization has selected based on its business needs, risk tolerance and resources; comparing a Current Profile with a Target Profile exposes the gaps to close.
- Implementation Tiers (Partial, Risk Informed, Repeatable, Adaptive) describe the rigor and sophistication of an organization's risk management practices and how well those practices reflect the framework; NIST notes that Tiers are not maturity levels.
NIST Cybersecurity Framework
The Framework Core identifies five functions, each with specific activities across categories; considered together they give a high-level strategic view of the organization's risk management lifecycle.
- Identify: enables understanding of the business context, the resources that support key functions and related risks so efforts can be focused and prioritized accordingly
- Protect: provides guidance on the safeguards necessary to limit or contain the impact of a potential security event
- Detect: details the appropriate activities to identify, in a timely fashion, a cybersecurity event should it occur
- Respond: encompasses the activities to counter a cybersecurity event and contain its impact once it is detected
- Recover: details the actions necessary to restore and remediate services that may have been impacted by the event
Solution requirement for Federal Agencies
Federal agencies are already familiar with risk management processes, having been mandated under FISMA to demonstrate compliance with the controls in NIST SP 800-53 Revision 4, typically through the NIST Risk Management Framework (RMF). Demonstrating compliance
can be challenging given the tedious data collection requirements, disparate and heterogeneous technologies strewn across the agencies, lack of real-time visibility into systems, and inability to customize and scale to organizational
The most effective way to implement the risk management guidance of the Cybersecurity Framework is a solution that meets real-time data collection, monitoring and reporting requirements across the infrastructure and organizational processes. At its core this solution should be:
Flexible: Must offer the capability to mirror the organizational profiles based on the framework including representation
Scalable: Must account for growth, including the ability to quickly incorporate new activities, users and processes
Central Management and Federated Access: Must provide centralized management through a single pane of glass to ensure consistent, easy management and self-reporting.
Data Source Agnostic: Must quickly interface with any and all data sources required to monitor, assess and meet risk management requirements
Real-Time Architecture: Must aggregate log data and other relevant information from across the agency in real time to achieve accurate situational awareness.
Deploy NIST Cybersecurity Framework with Splunk
Splunk is a cost-effective, integrated yet customizable solution that can help meet an agency's objective of employing the NIST Cybersecurity Framework. It provides the visibility to help assess the current profile and to continuously monitor events and metrics across the organization, supporting fast and informed decision making to manage risk effectively. Specific capabilities include:
- Collecting asset inventory data, including physical devices, software platforms and applications, to support building the Current Profile (Identify)
- Deploying role-based dashboards and visualizations that communicate risk posture, activity status and outcomes across the organization, from executive to operational levels
- Monitoring access control and user behavior (internal and external) to detect abnormal or unauthorized activity (Protect, Detect)
- Monitoring network and data flows to detect potential cybersecurity events (Detect)
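As an added illustration of the last two bullets (monitoring access and user behavior, and surfacing findings by framework category), here is a stand-alone Python example; it is not Splunk code and is not part of the original page. It parses constructed sshd-style auth log lines, flags a burst of failed logins from one source within a sliding window, flags a later successful login from that same source, and flags a successful login by an account absent from an assumed authorized-user inventory, tagging each finding with the CSF category it supports (DE.CM for continuous monitoring, PR.AC for access control) so the counts could feed a role-based dashboard. The log lines, the authorized-user set, the five-minute window and the threshold of five failures are all assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd events in Linux auth.log style (not real agency data).
SAMPLE_LOG = """\
2024-03-04T10:00:01 host1 sshd[100]: Failed password for invalid user admin from 203.0.113.9 port 40001 ssh2
2024-03-04T10:00:02 host1 sshd[101]: Failed password for root from 203.0.113.9 port 40002 ssh2
2024-03-04T10:00:04 host1 sshd[102]: Failed password for alice from 203.0.113.9 port 40003 ssh2
2024-03-04T10:00:05 host1 sshd[103]: Failed password for bob from 203.0.113.9 port 40004 ssh2
2024-03-04T10:00:07 host1 sshd[104]: Failed password for alice from 203.0.113.9 port 40005 ssh2
2024-03-04T10:00:30 host1 sshd[105]: Accepted password for alice from 203.0.113.9 port 40006 ssh2
2024-03-04T10:05:00 host1 sshd[106]: Accepted publickey for alice from 198.51.100.20 port 50001 ssh2
2024-03-04T10:06:00 host1 sshd[107]: Accepted publickey for mallory from 198.51.100.21 port 50002 ssh2
2024-03-04T11:00:00 host1 sshd[108]: Failed password for bob from 198.51.100.22 port 50003 ssh2
"""

# Assumed authorized-account inventory (the identity data the Identify function collects).
AUTHORIZED_USERS = {"alice", "bob"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_events(text):
    """Turn auth.log-style lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "host": m["host"],
                "result": m["result"],
                "user": m["user"],
                "src": m["src"],
            })
    return events


def detect(events, authorized_users, window=timedelta(minutes=5), threshold=5):
    """Return findings tagged with the CSF category they support.

    DE.CM (continuous monitoring): a source reaching `threshold` failed logins
    inside a sliding `window`, and any later successful login from that source.
    PR.AC (access control): a successful login by an account not in the inventory.
    """
    findings = []
    recent_failures = defaultdict(deque)   # src -> timestamps of failures in window
    flagged_sources = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] == "Failed":
            q = recent_failures[ev["src"]]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:
                q.popleft()                # drop failures older than the window
            if len(q) >= threshold and ev["src"] not in flagged_sources:
                flagged_sources.add(ev["src"])
                findings.append({"csf": "DE.CM", "kind": "failed_login_burst",
                                 "src": ev["src"], "user": None, "ts": ev["ts"]})
        else:  # Accepted
            if ev["user"] not in authorized_users:
                findings.append({"csf": "PR.AC", "kind": "unauthorized_account",
                                 "src": ev["src"], "user": ev["user"], "ts": ev["ts"]})
            if ev["src"] in flagged_sources:
                findings.append({"csf": "DE.CM", "kind": "success_after_burst",
                                 "src": ev["src"], "user": ev["user"], "ts": ev["ts"]})
    return findings


def summarize(findings):
    """Count findings per CSF category, the figure an executive dashboard would show."""
    counts = {}
    for f in findings:
        counts[f["csf"]] = counts.get(f["csf"], 0) + 1
    return counts


if __name__ == "__main__":
    found = detect(parse_events(SAMPLE_LOG), AUTHORIZED_USERS)
    for f in found:
        print(f"{f['ts']} {f['csf']} {f['kind']} src={f['src']} user={f['user']}")
    print(summarize(found))
```

On the sample data the run produces three findings: the fifth failure from 203.0.113.9 at 10:00:07 opens a burst, the accepted password for alice from that same source 23 seconds later is the success that actually matters for response, and the key-based login by mallory is flagged only because the account is missing from the inventory, which is why the Identify data in the first bullet has to be accurate before the Detect logic can be trusted. Raising the threshold to six suppresses the burst and the follow-on success finding, a reminder that the tuning of such thresholds belongs in the agency's Profile, not hard-coded in the search.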