Cyber Security Framework

The NIST CSF (National Institute of Standards and Technology, Cyber Security Framework) is a framework that helps an organization better understand, manage and reduce its security risks. With the help of NIST-CSF, the organization gets a clear picture of its current cyber security capability against a desired state.

Strengthens cyber security • Shows current cyber security capabilities • Guides step by step towards better cyber security


The NIST CSF framework

Knowing its current ability to manage and reduce cyber security risks gives the organization a clearer view of what needs to be accomplished to manage cyber security better. This is where the NIST-CSF framework comes in handy for an organization that wants both an indication of its current ability to manage threats and vulnerabilities related to cyber security and the knowledge to take the necessary measures.

Following NIST-CSF is not a statutory requirement within the EU. Currently, there is no certification for NIST-CSF. If you want to be certified, an information security management system based on ISO 27001 works very well. On the other hand, we see increased demand for NIST-CSF from European companies operating in the US market, which at short notice receive express demands from American customers to apply NIST-CSF. Companies whose customers are directly or indirectly suppliers to US authorities may be faced with explicit requirements to demonstrate a certain level of maturity in their approach to cyber security based on the NIST-CSF. There are four maturity levels, and it is the customer or authority that decides which level applies.

The framework’s structure is based on five functional areas that follow each other in a logical sequence.

Do you want to know more?

Contact us and we will tell you more about NIST.

This is what our customers think

Dustin works with Secify

Secify supports us in data protection issues and in our work with Data Privacy. In a trustworthy manner and with broad competence, Secify has contributed to our delivery.

Robert Ekvall, IT Security & Company Integration Lead

Five steps

The framework is based on five steps to ensure that protection is achieved.

  1. Identify
    Gives the organization an understanding of what risks exist related to the cyber security of systems, people, assets, data and information.
  2. Protect
    Develop and implement appropriate safeguards to ensure delivery of critical business functions.
  3. Detect
    Develop and implement appropriate activities to detect cyber-related threats.
  4. Handle (respond)
    Develop and implement appropriate activities to manage and remediate detected cyber-related threats.
  5. Recover
    Develop and implement appropriate activities to restore critical business functions to normal after cyber-related attacks.

Contact us!

If this seems interesting to your company, you can either send a message using the contact function, or simply pick up the phone and call.

Phone: 020 – 66 99 00
Visiting address: Östra Storgatan 67, Jönköping