Cybersecurity with NIST playbook

Cybersecurity incidents and breaches are occurring more and more frequently these days. Not only has the frequency increase but the different kinds of attacks have also changed. For companies and major corporations, it is no longer a question of if a cybersecurity issue happens, it is more likely a question of preparedness for when a cybersecurity attack happens. For this reason, the National Institute of Standards and Technology (NIST) has provided organizations with a playbook to help them formulate a prevention and recovery plan. The playbook is called the Guide for Cybersecurity Event Recovery and will help companies get back to business as quickly as possible.

What is the playbook

For all companies and organizations, prevention is a major element of cybersecurity. However, recovery is a vital part of theprocess of risk management to ensure business continuity. Prior to the NIST playbook, there had been no standards, guidelines or policies that were specifically geared towards recovery after experiencing a cybersecurity attack.

Researchers at NIST compiled the Guide for Cybersecurity Event Recovery to combine existing guidelines on contingency planning and incident handling. The consolidated guide also includes a NIST incident response process that can be used by all organizations to formulate their own recovery plan for when a cybersecurity incident occurs.

The new guide provides a NIST incident response framework that advises companies on testing, developing and improving their recovery processes and plans. Due to the numerous types of cybersecurity incidents hitting companies, the NIST incident response playbook strongly advises organizations to develop a specific strategy or playbook to tackle individual types of threats. The guide gives a list of playbooks that can be initiated to deal with ransomware and breaches.

Incident preparedness

Many large corporations and organizations wonder what the best defense strategy for cybersecurity is. The NIST incident response playbook provides some tools, resources, and ideas to help companies with recovery. These are as follows:

  • A contact list of all key personnel involved with incident response and cybersecurity.
  • Proper encryption software to conduct internal and external communications.
  • Secure and off-the-grid laptops to monitor and analyze the network.
  • Forensic software for analysis purposes.
  • Thorough documentation of all software in use within the company.
  • Complete access to the unaffected operating system for the recovery team.

The points listed above are only a few ideas for recovery preparedness. There is a host of other ideas and resources available in the NIST incident response playbook.

The caveat

As great as the NIST incident response guide is, it is not a fix-all. The guide does not deal with incidences such as natural disasters, non-computer related incidents or power failures. However, the organizations existing cybersecurity and business continuity plan and processes should deal with this already.

Ultimately, even though the playbook is not a fix-all, it is still a great guide to help companies formulate a response process. Also, whether you adhere to the NIST guide or create your own framework, you should always be prepared for any incidence that may disrupt business continuity. Modern-day cyber attacks could result in the loss of millions of dollars and productivity hours.

Comments are closed