How to Apply NIST Cybersecurity Framework to your Organization
Remember, in the last post, when I referred to DE.CM-7? I’m going to use this specific code again for my example. If you’d like a refresher on how the NIST Framework is organized, please feel free to go back to the last post and read about it! So, in DE.CM-7, DE stands for Detect, CM for Continuous Monitoring, and 7 is the seventh sub-item under it. But what exactly does that mean? This specific item refers to detecting and monitoring unauthorized users in your systems. Often, attackers will steal or compromise accounts, especially powerful administrator accounts, and use them to do all sorts of nefarious things that can result in a data breach or unexpected downtime for your organization. DE.CM-7 is very important, then, because the quicker you can discover that you have an intruder, the more likely it is that you can prevent an already bad incident from becoming much worse.
So, what could you do to mitigate this risk? A lot of executives immediately assume they need to buy and install some expensive product, then think, “Well, I need to do that, but that’s so expensive. Maybe I need to find a vendor to implement it for me, or maybe I need to outsource that.” But that isn’t your first stop on this journey! Don’t try to skip directly to some highly scalable, automated, or extremely expensive tool. You can start very simply, and you probably have everything you need right now; if not, you can acquire it cheaply.
Your systems are already writing logs today about everything that happens. They are doing the Continuous Monitoring function for you already! Now you’ll have to collect the right data to fulfill the Detect function, which can be done with cheap tools or by a highly technical person on your team. All you need is someone who has the judgment and knowledge to spot the patterns and intrusions, and trust me when I say that turning to some top-of-the-line machine learning solution, or trying to look at and sort through everything, is biting off more than you can chew. Even the largest enterprises don’t get this right, which leads to them losing millions of dollars. I’ll get into some examples of these enterprises in my next post.
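To make the "start simply with the logs you already have" point concrete, here is an added example (not code from the original post) that runs a few DE.CM-7 style checks over sshd-style authentication log lines: a burst of failed logins followed by a success on the same account from the same source, a privileged account logging in from a source that is not on the allowlist, and a privileged login outside business hours. The log lines, the list of privileged accounts, the allowlist of admin source addresses, the thresholds and the business-hours window are all constructed assumptions for illustration; tune them to your own environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an sshd/syslog style (not real data; documentation
# IP ranges only). They stand in for the auth log your systems already write.
SAMPLE_LOG = """\
Mar 10 02:14:01 web1 sshd[1201]: Failed password for admin from 203.0.113.45 port 51234 ssh2
Mar 10 02:14:03 web1 sshd[1201]: Failed password for admin from 203.0.113.45 port 51235 ssh2
Mar 10 02:14:05 web1 sshd[1201]: Failed password for admin from 203.0.113.45 port 51236 ssh2
Mar 10 02:14:07 web1 sshd[1201]: Failed password for admin from 203.0.113.45 port 51237 ssh2
Mar 10 02:14:09 web1 sshd[1201]: Failed password for admin from 203.0.113.45 port 51238 ssh2
Mar 10 02:14:12 web1 sshd[1201]: Accepted password for admin from 203.0.113.45 port 51239 ssh2
Mar 10 09:30:00 web1 sshd[1300]: Accepted publickey for alice from 192.0.2.10 port 40000 ssh2
Mar 10 22:45:10 web1 sshd[1400]: Accepted password for root from 198.51.100.7 port 40100 ssh2
Mar 10 10:00:00 web1 sshd[1500]: Failed password for invalid user test from 192.0.2.99 port 40200 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port"
)

# Assumed policy values: which accounts count as privileged, where their logins
# normally come from, what a "burst" of failures is, and what business hours are.
PRIVILEGED_USERS = {"root", "admin"}
KNOWN_ADMIN_SOURCES = {"192.0.2.10"}
FAIL_THRESHOLD = 5
FAIL_WINDOW = timedelta(minutes=2)
BUSINESS_HOURS = range(8, 19)  # 08:00 to 18:59
LOG_YEAR = 2024  # syslog timestamps carry no year; assume one so they parse


def parse_line(line):
    """Turn one log line into a dict, or None if it is not an sshd auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%b %d %H:%M:%S").replace(year=LOG_YEAR)
    return ev


def make_alert(kind, ev, detail):
    return {"kind": kind, "user": ev["user"], "src": ev["src"],
            "host": ev["host"], "ts": ev["ts"].isoformat(), "detail": detail}


def analyze(log_text):
    """Run the three checks over the log text and return a list of alerts."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    recent_failures = defaultdict(deque)  # (user, src) -> failure timestamps
    alerts = []
    for ev in events:
        key = (ev["user"], ev["src"])
        if ev["outcome"] == "Failed":
            recent_failures[key].append(ev["ts"])
            continue
        # Accepted login: drop failures older than the window, then check the count.
        q = recent_failures[key]
        while q and ev["ts"] - q[0] > FAIL_WINDOW:
            q.popleft()
        if len(q) >= FAIL_THRESHOLD:
            alerts.append(make_alert("failed_burst_then_success", ev,
                                     f"{len(q)} failures within {FAIL_WINDOW}"))
        q.clear()
        if ev["user"] in PRIVILEGED_USERS:
            if ev["src"] not in KNOWN_ADMIN_SOURCES:
                alerts.append(make_alert("privileged_login_unknown_source", ev, ev["src"]))
            if ev["ts"].hour not in BUSINESS_HOURS:
                alerts.append(make_alert("privileged_login_off_hours", ev,
                                         ev["ts"].strftime("%H:%M")))
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(f"{a['ts']} {a['host']} {a['kind']}: user={a['user']} "
              f"src={a['src']} ({a['detail']})")
```

Against the constructed sample, the admin login at 02:14 trips all three checks, the root login at 22:45 trips the unknown-source and off-hours checks, and alice's daytime key-based login from a known address produces nothing. The value of a script this small is that a person with the right judgment can read every alert it raises; the allowlist and the hours window are the parts that need to reflect how your administrators actually work, or the output becomes noise.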