As we all know, cybersecurity is a prominent issue facing a lot of board rooms these days. News stories continue to come out focusing on ransomware attacks, data breaches, and high-profile CISO lawsuits. It is safe to say that many business leaders are feeling the heat of getting a handle on cybersecurity. At the same time, resources are continually strained by rising costs, supply chain issues, and staffing shortages. So what is an organization to do when it feels pressure from all sides?
Many of our cybersecurity risk management clients have asked this question, or a similar one, during an engagement. The bad news is that they are facing the same issues as everyone else; the good news is that there are answers. Enter the CSF 1.1 Quick Start Guide (CSF QSG). For organizations that are trying to wrap their hands around the cybersecurity problem, the CSF QSG offers an excellent place to start.
At its base, the CSF QSG is a small, three-page Profile of the CSF Core Functions. The CSF QSG uses the common, best-practice language of the CSF Functions: Identify, Protect, Detect, Respond, and Recover. These plain-language phases of cybersecurity are extremely useful when communicating your activities to clients, employees, and board members. The words mean what you think they mean; there is no jargon behind them.
The second main benefit of the CSF QSG is that it is action-based. Instead of wading through the 108 outcomes of the CSF and translating those into practice, the CSF QSG offers actionable tasks to get started. Many organizations get bogged down in trying to map the CSF to control frameworks, selecting applicable controls, and then tracking all of this in an ad hoc process. While that approach is more rigorous and a great idea for larger, better-resourced organizations, it is simply too much overhead for organizations with fewer resources.
Now, the CSF QSG is not a silver bullet and will not solve your organization's problems overnight, but it will give you a central document to organize around. Ultimately, it is up to your organization to execute the activities, but you can feel confident knowing that the CSF QSG has been derived from standards and best practices.
If you have questions or concerns about how to get started with, or how to manage, your cybersecurity risk management program, message us at info [at] yourcyberwork.com. We offer quick start services, risk management plan development, and vCISO services.