NIST - Cyber Security Framework (CSF)
NIST Overview
We have a 6-phase Methodology, to help you achieve successful compliance.
Project Phases
PHASE IDetermination of Cyber Security Objectives
This phase involves determining organisation cyber infrastructure and key stakeholder expectations.
PHASE IIGap Analysis and Risk Assessment
This phase involves performing gap analysis of the above listed objectives on one hand, and the applicable Cyber Security controls and related risks, on the other. The result of this analysis help the organisation their current status and newly identified risks.
PHASE III Control Design and documentation
This phase involves our methodology that involves distribution of risk, and control responsibility to internal stakeholders. This also includes nomination of key roles such as security officer – who will drive the ongoing compliance. In addition, we enable the organisation to define and implement key security processes that ensures ongoing compliance.
PHASE IV Monitoring and Tracking Implementation
This phase involves tracking the client risks, documentation and self-compliance on a regular basis till all internal controls are adequately implemented.
PHASE VPerformance Tracking
Once the control design is documented and accountability is established, it is time to measure the effectiveness of the controls. This phase involves measuring internal control changes on a scale of 0-100%. This gives assurance to internal stakeholders that the processes implemented are adequate (or at risk). If there are deviations or risks identified, they are treated.
PHASE VIInternal Audit
An independent assessment is performed to ensure and rate organisation maturity of handling future security risks on the cyber security framework.
