
Cybersecurity is a major enterprise risk that senior leaders must consider, just like financial and reputational risks

Boards already manage financial and reputational risk with structure and evidence; cyber risk deserves the same treatment. So how can you make sure you are doing everything in your power to make your IT secure?

One significant leap forward in the last 10 years has been the publication of guiding frameworks by bodies such as the National Cyber Security Centre (NCSC) in the UK and the National Institute of Standards and Technology (NIST) in the US, alongside the EU's NIS2 Directive. You can use these frameworks to measure your cyber risk against an agreed yardstick rather than against guesswork. Let's take a quick look at the key frameworks and how you can benefit from them.

NIST Cybersecurity Framework

The NIST Cybersecurity Framework (CSF) 2.0 was released in February 2024. It provides practical guidance for organisations to manage and reduce cybersecurity risk. Like all good frameworks it needn't be reserved for big business; in fact NIST publishes quick-start guides aimed at organisations of every size.

Here’s how your company can leverage it to enhance the security of your business IT:

          1. Understand the Framework:
            • Familiarise yourself with the CSF 2.0. It's designed for organisations of all sizes and sectors, including industry, government, academia, and non-profits.
            • Recognise that it's useful regardless of your organisation's maturity level or technical sophistication in cybersecurity.
          2. Assess Your Current State:
            • Evaluate your existing cybersecurity practices and identify gaps.
            • Use the CSF to assess your organisation's current cybersecurity posture, and record the result so you can show progress later.
          3. Identify Critical Assets and Risks:
            • Determine the critical assets (systems, data, networks) that need protection.
            • Understand the specific risks associated with these assets.
          4. Set Goals and Priorities:
            • Define clear cybersecurity goals aligned with your business objectives.
            • Prioritise areas where improvement is needed.
          5. Implement the Framework:
            • Use the CSF’s core guidance to create a customised plan.
            • Address the six core functions (CSF 2.0 added Govern to the five that version 1.1 defined):
              • Govern: Set and monitor the risk-management strategy, expectations and policy under which the other five functions operate.
              • Identify: Understand your assets, risks, and business context.
              • Protect: Implement safeguards to prevent and mitigate threats.
              • Detect: Establish mechanisms to identify security incidents promptly.
              • Respond: Develop an incident response plan.
              • Recover: Plan for recovery after a security incident.
          6. Governance and Leadership:
            • Involve senior leadership in cybersecurity decisions.
            • Establish governance structures to oversee cybersecurity efforts.
          7. Supply Chain Security:
            • Consider supply chain risks. Ensure your vendors and partners follow secure practices.
          8. Continuous Improvement:
            • Regularly review and update your cybersecurity program.

Remember that the cybersecurity framework is flexible, allowing you to tailor it to your organisation’s unique needs. NIST have put together some great resources to help you. For more detailed information, refer to the NIST Cybersecurity Framework 2.0 Resource & Overview Guide.

The important thing is that you do take action. Using the frameworks available will prevent you from missing something, or re-inventing the wheel.

National Cyber Security Centre (NCSC) Cloud Security Principles

The NCSC publishes a wide range of guidance to support your cybersecurity journey, including 14 Cloud Security Principles that describe what a cloud service should do, and what you should check, to protect your business from a debilitating breach. Let's decode them:

          1. Data in Transit Protection:
            • Encrypt your data as it travels through networks—inside and outside the cloud.
          2. Asset Protection and Resilience:
            • Shield your data and assets from physical tampering, loss, or damage.
          3. Separation Between Customers:
            • Ensure isolation between different customers’ data and services.
          4. Governance Framework:
            • The provider should have a governance framework that coordinates and directs how the service is managed, so that the other principles are applied consistently rather than ad hoc. Senior leadership should be accountable for it.
          5. Operational Security:
            • Monitor operations proactively.
            • Ensure change management processes are in place.
            • Make sure you know how to respond to an incident.
          6. Personnel Security:
            • Provider staff who can reach your data and systems should be screened to a level that justifies the trust placed in them, and technical controls should limit and audit what any one individual can do.
          7. Secure Development
            • The service should be designed, built and maintained so that threats to it are identified and mitigated. If you develop software yourself, hold it to the same standard.
          8. Supply Chain Security
            • Make sure your suppliers, and their suppliers in turn, adhere to these principles too.
            • Know your supplier and their dependencies.
          9. Secure User Management
            • Use identity and access controls so that only authorised people can manage the service and reach the data in it.
            • Maintain data confidentiality and integrity through role-based access controls, granting each user only what their job requires.
          10. Identity and Authentication
            • All access should use authentication and authorisation.
            • Ensure multiple factors are required to access services.
            • Create a robust process for joiners, movers and leavers.
          11. External Interface Protection
            • Identify every external or less-trusted interface of the service (web consoles, APIs, management endpoints) and defend each one.
          12. Secure Service Administration
            • Recognise that admin systems should be protected and audited.
          13. Audit Information and Alerting for Customers
            • Have systems that alert you when a security incident is detected.
            • Keep audit records of access and activity so incidents can be investigated and attributed.
          14. Secure Use of the Service
            • Meeting the other 13 principles is the provider's side of the bargain; this one is yours. Understand which controls are your responsibility, configure the service securely, and don't undo the provider's protections through misconfiguration.

Each of these principles is a subject area in itself, but five of them, those concerned with identity and access, can be addressed with a single tool such as a secure identity platform, simplifying the resources you need. For a more detailed look, see the NCSC's Cloud Security Principles guidance.

If this looks like a lot to cover, fret not: we have created an assessment that measures your identity cyber risk against 600+ factors drawn from the NIST CSF and the NCSC Cloud Security Principles. Best of all, it gives you a clear roadmap to the highest identity security standards.


Approach your cybersecurity as you would any significant business threat, and prevent the loss of earnings, reputational damage and legal and regulatory trouble that the fallout from a poor security posture can bring.