Numerous cybersecurity threats have been targeting and infiltrating government networks at a fever pitch. To address this rising tide of security breaches, the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity, a voluntary set of guidelines and industry best practices for diminishing cyber risks to organizations, was released in early 2014.
Since then, the framework has provided much-needed support to federal agencies by recommending risk-based guidelines to alleviate risk and create a more robust security protocol. After commissioning a survey to determine how this framework is being utilized by the federal government, Dell Software discovered that the majority of federal agencies are following the framework.
The online survey, sponsored by Dell Software and conducted by technology research firm Dimensional Research, questioned 150 federal IT and security professionals to determine their attitudes and approaches to securing the federal government’s cyber footprint.
The survey’s findings revealed that although compliance with the framework is not required, 74 percent of organizations currently utilize the framework as the foundation of their cybersecurity roadmap. According to the respondents, the framework has become a vital tool for improving organizational security.
Eighty-two percent of respondents’ organizations use the NIST framework to improve their overall security position. Sixty-eight percent said it improved organizational security and 39 percent said that it created a uniform approach to discussing security.
In addition, 84 percent of respondents said they have confidence in their organization to take the actions necessary to defend against insider threats.
“As security threats continue to increase in sophistication and frequency, holistic security is crucial,” said Paul Christman, VP of Federal, Dell Software. “The NIST Cybersecurity Framework empowers agencies to identify, detect, protect, respond and recover from cyber threats, and it can serve as an excellent resource for government.”
The survey results concur with Christman’s statement. Being confident in the federal government’s IT security posture is vital. The more organizations understand this, the better they will be able to position themselves to face ever-evolving cybersecurity threats.
While understanding the necessity of securing sensitive data and information, federal IT professionals know the importance of always enhancing their efforts; what worked yesterday may work today, but it may be outdated by tomorrow.
In light of these findings, Dell recommended agencies take the following steps to apply the NIST Cybersecurity Framework and develop a sound cyber strategy:
1. Prioritize and scope mission objectives and priorities;
2. Match critical systems with threats;
3. Create a current cybersecurity technology profile based on Framework categories;
4. Conduct a risk assessment;
5. Create a target profile (an organization’s desired state);
6. Determine, analyze and prioritize gaps between mission priorities, critical systems, current technology profile, desired state and risks; and
7. Develop a strategy to address the items uncovered in Step 6.
“To encourage agencies to fully utilize the framework and take advantage of its many benefits, a number of government departments and agencies, associations, academic institutions and organizations, including Dell, have developed resources, additional guidance and useful tools to help support the framework,” Christman said.