NIST recommended Cybersecurity for Small/Medium business depends on your data set, and may include security measures in some or all of these categories:

Ø     Asset Management: The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization’s risk strategy.

Ø    Business Environment: The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.

Ø    Governance: The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.

Ø    Risk Assessment: The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.

Ø    Risk Management Strategy: The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.

Ø     Supply Chain Risk Management:  The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions associated with managing supply chain risk. The organization has established and implemented the processes to identify, assess and manage supply chain risks.

Ø      Identity Management, Authentication and Access Control: Access to physical and logical assets and associated facilities is limited to authorized users, processes, and devices, and is managed consistent with the assessed risk of unauthorized access to authorized activities and transactions.

We know that you have a modest Information Technology (IT) budget, but we also understand how important IT is to you.  For a reasonable fee we can review, with you & your staff, the confidentiality, integrity & availability needs for your IT Operations and provide recommendations to improve your survivability during a system failure or an incident.

Cybersecurity is a rapidly changing environment, and therefore our services are best effort based on available information. 

Contact us at secure@cyberdef.biz or 202-207-4559 for a free consultation and cost estimate.