Welcome back to the Wave! We took a bit of a break and now we have geared up and are ready to get back into the water.
Seemless Transition LLC has undergone quite a bit of growth over the last few months. We have partnered with 7Sigma Systems and CyberESI to bring a Cybersecurity Risk Management package to clients looking to meet their regulatory requirements. We provide a Cybersecurity Risk Management Plan, Gap Analysis, and Table Top exercise. This package gives organizations a holistic approach to jump starting a cybersecurity risk management program. Whether or not you have regulations to meet, this package can get your organization quick wins and moving in the right direction on your cybersecurity risk management journey.
As you might imagine, this package leverages best practices and standards we have encountered over the years. Specifically, we are using the new NIST CSF v2.0. The addition of the Govern Function allows implementers to pull out some of the “management-ese” into a separate organizational location and free up some of the technical cycles for technical activities. This specialization of labor has been really working for our clients as it more cleanly maps to organizational charts.
We are finding great success fitting the CSF v2.0 in conjunction with the suite of documents associated with NISTIR 8286 - Integrating Cybersecurity and Enterprise Risk Management. With the ERM resources providing an umbrella of organizational top cover, the CSF Govern Function can act as a drum beat for all cybersecurity risk management activities provided in Identify, Protect, Detect, Respond, and Recover.
It has been rewarding (and eye-opening) to take the documents I have been working on for the last 10 years and make them tangible for real world scenarios. I’ll probably be writing a bit more regularly on the lessons learned from these engagements. I’m excited to share some upcoming work with more OLIRs, the new Cybersecurity and Privacy Reference Tool (CPRT), and even a new product that is Coming Soon(TM) to the Seemless Transition Tools page.
If there are any topics you are interested in, questions you have, or want to learn more about Cybersecurity Risk Management offerings, shoot us an email at info@yourcyberwork.com.