exida is a leader in Industrial Control Systems (ICS) Cybersecurity and specializes in the Process Control Network (PCN), in terms of performing Risk Assessments, Vulnerability Assessments, and Gap Assessments. As part of this service, exida offers a low-cost gap assessment based upon the National Institute of Standards Technology (NIST) Cybersecurity framework that will determine a company’s general cybersecurity posture.
Process control systems have long been known to be critical to the health, safety, welfare, and economic stability of the public at large. Recognizing this fact in 2013, the president issued Presidential executive order 13636 “Improving Critical Infrastructure Cybersecurity.” The policy calls for the development of a voluntary risk-based Cybersecurity Framework. Based on sets of existing industry standards, policies, and guidelines, developed to be technology neutral, and designed to be used as a template to guide an organization in its cybersecurity activities and focus, the resulting framework is now known as the NIST Cybersecurity Framework.
This framework is not a prescriptive document as are other published standards and regulations. Instead this document allows the organization to determine where they currently stand against a number of categories and at the same time determine where they would like to
stand.
The determination of how the company stands up against a predefined matrix determines the Tier for each category. The aggregation of the Tiers determines the Profile for each of the Functions. The exercise identifies the gap between the Current Profile and the Target Profile. The framework does not give prescriptive solutions on how to achieve the desired Target Profile, but it does lay out a roadmap to guide where activities and energies should be most effectively applied.
Using the Functions, Categories, and Subcategories as detailed in the NIST Cybersecurity Framework as a guide, let exida work with you. We will spend 3 to 4 hours determining your Current and Target profiles, giving you valuable insight into where you are doing well and where some more effort should be applied.
Based on the results of the exercise, exida will provide recommendations and suggestions specific to your organization on how to proceed, where you can accomplish tasks yourself, and where outside expertise would be beneficial.