

Enhance your DR plan with the national cybersecurity framework

Paul Kirvan explains how the national cybersecurity framework can help enhance your DR plan.

Recent cybersecurity breaches of prominent retail organizations like Target, Home Depot and eBay have sent a significant reminder to IT professionals about the importance of security. While many organizations have robust perimeter protection measures in place, many others have only a bare minimum of perimeter protection.

The National Institute of Standards and Technology (NIST) offers a security framework that is designed to help organizations execute IT security activities. Released in February 2014, the national cybersecurity framework and its associated roadmap provide a structured model for planning and implementing programs to proactively identify and neutralize potential IT security threats.

While the value of this framework to information security is obvious, it also contains important guidance for business continuity professionals. The Framework can help enhance your existing planning efforts by ensuring you are also addressing the information security issues relevant to your organization.

From a business perspective, everything that threatens the continued operations of an organization is a matter for business continuity. Availability of the new cybersecurity framework is yet another reason why BC/DR and information security professionals should partner together to ensure their organization is protected from all types of internal and external threats.

The following tips will help you effectively leverage the framework for your own cybersecurity programs.

Assuming you already have a cybersecurity program in place, the framework provides a useful benchmark to ensure you are covering all the bases. If you are considering a cybersecurity initiative to augment your existing information security activities, the framework offers a structured model for how you can build a cybersecurity activity.

Figure 1 depicts a high-level view of the Framework. The boxes on the right offer advice on how each section can be used to enhance BC/DR planning.

Figure 1. Each section of the Framework can be used to enhance your business continuity and disaster recovery plans.

The "Identify" and "Protect" functions help prepare your organization for potential cyberthreats through a combination of risk management activities, understanding of the business environment and requirements for security, analysis of existing security and access control measures, and education.

Compare your current understanding of how security factors into your business operations, and use the framework to identify modifications to ensure you and your employees are fully prepared for a possible attack.

Proactive "Detect" measures ensure your network access points, e.g., firewalls, are sufficiently protected with equipment such as intrusion detection systems (IDS) and intrusion prevention systems (IPS). Your goal is to quickly identify and characterize any packets or streams of packets that are abnormal and outside of acceptable packet sequences.

Once an anomaly has been identified, the "Respond" step involves capturing the anomaly and quarantining it as quickly as possible so it cannot enter your systems and cause damage.

Finally, the "Recover" step includes plans and processes to recover systems and data so normal business functions can be resumed.

Chances are your organization already addresses all or most of the above cybersecurity framework functions. As cybersecurity threats get more pervasive and more sophisticated, your existing preventive measures may need more frequent updating. The Roadmap document offers some interesting tips.

Cybersecurity roadmap initiatives

1. Increase authentication: Increase your security with this important process. For example, an easy change is to switch to two-factor authentication, e.g., using a password in addition to a token or biometrics (e.g., thumb scan). Additional steps include changing passwords more frequently, e.g., every 30 days, and requiring more complex (e.g., at least 16 characters) passwords.

2. Sharing indicator data: Obtaining data about specific security events, e.g., occurring before and during an incident response, and then sharing that data with other organizations can help others prevent, detect and mitigate similar occurrences as they happen. Indicator data can be obtained from IDS/IPS equipment, for example.

3. Conformity assessment: As standards and metrics are defined to address cybersecurity threats, conformity assessments ensure products, services and/or systems meet the requirements for detecting, addressing and mitigating those threats.

4. Educated cybersecurity workforce: Existing standards and practices for information security are constantly evolving to respond to the growing number of cybersecurity events. Security professionals need to regularly update their skills to be fully capable of dealing with new and more powerful cybersecurity threats.

5. Cybersecurity data analytics: Data gleaned from cybersecurity breaches and other major events must be carefully analyzed to identify key characteristics of those events. Big data and the rapid growth of analytics tools provide opportunities to process structured and unstructured cybersecurity data. To make this possible and valuable, there must also be sufficiently powerful mathematical algorithms, performance metrics and data analysis methods that leverage big data technologies.

6. Alignment of federal cybersecurity programs: While the national cybersecurity framework and roadmap were developed primarily for government agencies, they can also be adapted for use in the private sector. Alignment of these programs with other Federal standards (e.g., FISMA) ensures all government agencies will have a consistent and repeatable means of managing cybersecurity risks and threats.

7. Global implications: Because the framework and roadmap reference globally accepted standards and practices, they can be used to strengthen cross-border security practices, thus providing a uniform and consistent security structure.

8. Supply chain risk management: With increasing focus on cybersecurity threat management across supply chains, the framework provides a structure which all members of a supply chain can use, especially for organizations doing business with government agencies.

Framework downloads

Download the framework at the following link: http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf

Download the Framework roadmap at the following link: http://www.nist.gov/cyberframework/upload/roadmap-021214.pdf

The framework can assist your business continuity and disaster recovery efforts by providing an easy-to-understand, easy-to-use planning model that can be adapted to BC/DR initiatives. Be sure to also review standards developed by the National Institute of Standards and Technology (www.NIST.gov), especially SP 800-53, which addresses information security practices.

About the author:
Paul Kirvan, CISA, FBCI, works as an independent business continuity consultant and auditor, and is secretary of the U.S. chapter of the Business Continuity Institute and member of the BCI Global Membership Council. He can be reached at [email protected].
