CyberVigilance – DROWN Decrypting RSA with Obsolete and Weakened eNcryption
March 10, 2016
PROTEUS announces the hiring of Cybersecurity Sales Specialist
April 4, 2016

CYBERVIGILANCE Case Study:

NIST Cybersecurity Framework Gap Analysis

Large healthcare company taps PROTEUS’ CyberVigilance™ service to build a robust gap analysis for a possible implementation of the NIST Cybersecurity Framework.

Introduction

Cyber risk management has become a crucial component in the safe and sound operation of healthcare organizations. Instances of cybercrime, including fraud and information theft, have grown exponentially in recent years, and threaten the overall security and reputational risk of healthcare institutions.

Challenged by this reality, a large healthcare company required a clear picture of their current security program relative to the best practices outlined by the NIST Cybersecurity Framework.

PROTEUS’ CyberVigilance™ solution was selected to provide a gap analysis that mapped the company’s current infrastructure practices and security posture against the NIST controls and provide the appropriate guidance to effectively and proactively manage any discovered risks.

NIST FRAMEWORK

The NIST Cybersecurity Framework has received considerable attention since it was published in February 2014 by providing a risk-based approach for cybersecurity protection of critical infrastructure systems and functions at all levels. The framework offers a way to take a high-level, overarching view of a company’s cybersecurity risk and includes a collection of informative references, existing standards, guidelines and practices.

Cyber threats pose one the gravest national security dangers that the United States faces.

Presidential Statement on the Cybersecurity Framework

Solution

RESEARCH: FRAMEWORK ASSESSMENT

CyberVigilance™ security experts carried out a gap analysis against the NIST Cybersecurity Framework standards. This was an in-depth exercise to review the effectiveness of the company’s existing infrastructure and security controls while assessing their level of compliance with the standard.

This independent risk assessment involved interviews with key business and technical staff members, review of policies and procedures, identification of information assets and lines of responsibility for them, and review of existing controls.

REMEDIATE:FRAMEWORK ANALYSIS

At the conclusion of the assessment phase, our CyberVigilance™ information security and risk management specialists organized all of the collected data in order to further analyze the results from the gap analysis and compared them to the NIST Cybersecurity Framework standards.

Using the CyberVigilance™ report card format to identify score differences, we examined areas of concern for all hardware, operating system, and database deployment levels to further identify specific areas for improvement.

As a result of the analysis, significant differences between the NIST Cybersecurity Framework standard and the current capabilities of the company were discovered.

RESPOND: FRAMEWORK ALIGNMENT

We reviewed our findings and recommendations with the key stakeholders in order to foster a dialogue to help the company align its tolerance for risk while prioritizing the implementation of the NIST Cybersecurity Framework standards.

Conveying this information helped the company prioritize the key issues in regards to upcoming budgeting and planning cycles and allowed them to examine where additional, more granular risk assessments and gap analysis should be performed.

RESULTS

Based on the findings CyberVigilance™ provided, the company was able to better understand the assessed variance within their infrastructure and security posture and gained immediate insight into quick win opportunities for improving their current practices.

CONCLUSION

The NIST Cybersecurity Framework was created with the realization that organizations needed high-level guidance for improving their cyber security defenses. This makes the framework well suited for any organization worried about ever evolving cyber threats.

CyberVigilance™ validated all NIST functions and categories and defined new subcategories aligned to the company’s capabilities, programs, and processes. Leveraging CyberVigilance™, the company was able to better determine their current and target security profile and determine their next steps to remediate the findings as they positioned themselves for future DoD Healthcare opportunities.

It is the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties

Executive Order 13636


About PROTEUS Technologies

PROTEUS Technologies, LLC (PROTEUS), is a leading provider of high-end Cyber Solutions, SIGINT and Technology, Research & Innovation, and Embedded Engineering software services to the Intelligence Community, Federal Executive Departments, HealthCare, and Commercial Industries. PROTEUS has a proven track record of excellence and commitment to client mission success. PROTEUS Headquarters is located in Annapolis Junction, MD with satellite offices in Columbia, MD, and is the 2010 winner of the prestigious DoD Nunn-Perry Award winner, multiple annual Baltimore Business Journal “Best Places to Work” awards, and the most recent Corporate America Software & Technology Award Winner for Innovation in Software/Systems Engineering.

If you are unsure how to protect your network, file shares, or want to become CyberVigilance™ certified, contact us today!

WordPress Appliance - Powered by TurnKey Linux