Description

This is a multi-part series to assist the participant in evaluating all the necessary components to conducting a cyber risk assessment. The purpose of a cyber risk assessment lies in the objectives of ensuring:

• Availability
• Confidentiality
• Integrity of data
• Integrity of processing

We utilize the National Institute of Standards and Technology (NIST) cybersecurity framework to walk through various elements that should be considered with a cyber risk assessment.   A previous segment delved into the first function outlined by NIST which is the “Identify” concept. This segment will delve into the “protect” function.

We try to protect our information assets and systems against attack. Protection strategies can be the first line of defense, and breaches usually are a failure of protection strategies. Utilizing the concepts of categories and sub-categories an organization can effectively begin to map out their cyber risk process. The sub-categories of the protect function include:

• Awareness control
• Awareness and training
• Data security
• Information protection and procedures
• Maintenance
• Protective technologies

This segment is dedicated to delving into each of these sub-categories and outlining possible considerations for protecting information and cyber assets.

Training for all programs related to cyber security by this trainer are utilizing the framework of the National Institute of Standards and Technology (NIST) as a model. This information is freely available in the public domain. For more detailed information on the framework please refer to NIST.org.