Looking to the future, we actually see an increasing role for the Cloud. Partly due to the pandemic that has gripped the world for almost two years now, digitalisation has taken a big leap and passed this veritable baptism of fire with reasonable success. Workplaces have become a lot more digital, all kinds of applications and services can be accessed anytime, anywhere. However, this is not without its risks. The very fact of being able to access online anywhere also increases the attack vectors. Protecting data is more than ever a hot topic.
NIST CYBERSECURITY FRAMEWORK
Security is therefore a crucial element of the Cloud and Fundaments wants to be able to offer maximum security of this. We are therefore not a believer in just one security measure, but in a set of measures. We do this based on the NIST Cybersecurity Framework. Within this, we see five phases, namely: Identify, Protect, Detect, Respond and Recover.
IDENTIFY
Identify involves understanding the organisational environment, the resources supporting critical functions and the associated cybersecurity risks. This allows you to create focus and prioritise your efforts in line with the risk management strategy and organisational requirements set up for that purpose. You can do this by mapping out the following five steps:
1. Asset management: knowing what you have;
2. Business environment: knowing what kind of environment something is in;
3. Governance: knowing what policies and regulations something has to comply with;
4. Risk assessment: knowing how to assess and interpret risks;
5. Riskmanagement strategy: knowing how to deal with risks.
PROTECT
Protect is about taking appropriate security measures to prevent or minimise a security incident. This includes setting up appropriate security measures to guarantee the delivery of critical (infrastructure) services and to limit or prevent the impact of a security incident. This can be done by applying, amongst other things: firewalling, DDoS laundry lane and Backup as a Service.
DETECT
For detect you take care of implementing and developing measures to detect a security incident. This involves identifying and interpreting suspicious traffic and behaviour, applying continuous monitoring of the network and users, as well as ensuring that processes and procedures are present in line with the organisation's requirements.
“Once you have your house built, you need to put some items in your house to alert you to any pending danger or threats. These could be things like smoke detectors, carbon monoxide detectors and home alarm systems. Using that same analogy of building a house this would be the Detect function.”
RESPOND
At respond, you ensure that procedures and processes are set up to act appropriately after a security incident is detected. The aim is to reduce the impact as much as possible. This can be achieved by making a schedule describing who takes which action and when. Ensure a thorough communication plan and a comprehensive analysis of what happens. Mitigating measures should also be ensured and, of course, lessons should be learned from the incident in order to apply improvement opportunities.
RECOVER
With recovery, you ensure that measures are in place to restore the services and systems affected by the security incident back to normal. You can achieve this by developing and implementing procedures that increase resilience and offer possibilities to recover services and systems affected by the security incident. Again, you need to draw up a thorough plan, not only in terms of recovery, but also in terms of communication.
Our Solution Consultant Colin talks more about the NIST Framework in the Expert Clip below. In only four minutes, he talks you all the way through.
