Cyber-Information Systems Security Program
April 12, 2016
It used to be that only large Fortune 1000 companies purchased cyber liability insurance, but that is no longer the case. Any small to mid-size company that handles or obtains personally identifiable information on customers, employees or vendors is now responsible, and required by law, to protect that information. Most companies use computers, tablets and/or smartphones as part of their daily business. As technology advances, every business becomes more exposed, because attackers are advancing as well and growing more sophisticated in their methods of obtaining secured or protected information.
As a result of the ever-increasing number of data breaches across the world, and particularly in the United States, governments and regulatory agencies are beginning to require certain types of businesses and organizations to incorporate an Information Systems Security Program into their business plans.
As outlined by the National Institute of Standards and Technology, there are 5 main categories (which NIST calls Functions) around which to develop such a program:
- Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include: Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.
- Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.
- Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes.
- Respond – Develop and implement the appropriate activities to take in response to a detected cybersecurity event. The Respond Function supports the ability to contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements.
- Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event. The Recover Function supports timely recovery to normal business operations and reduces the impact of a cybersecurity event. Examples of outcome Categories within this Function include: Recovery Planning; Improvements; and Communications.
There is no time like the present to start your Information Systems Security Program, secure your information systems, and better protect your company against cyber-attacks. For information regarding Cyber Liability Insurance or any other line of insurance, contact one of our experienced licensed representatives at The Armstrong Company Insurance Consultants. Contact us or Request a Quote today! We are always here to be of service to you!