Welcome to another session of 3 minutes a day, Most cyber threats can be mitigated by raising awareness and following best practices in cyber security and business continuity. It is critical for any organization to follow local and international regulations and compliance. Organizations want to protect themselves from both internal and external attacks, in addition to meeting regulatory requirements. Protection of clients' data is the highest priority for any business as technology becomes more complex and interconnected. We'll talk about security baselines in this session.
As per the National institute of standards and technology ( NIST ) a Security Control Baseline means “ The set of minimum-security controls defined for a low-impact, moderate-impact, or high-impact information system. A set of information security controls that have been established through information security strategic planning activities to address one or more specified security categorizations.”
The Baseline Standards are designed to establish an acceptable security standard and to provide a broad framework for a set of measures that can be updated over time. The Baseline Standards model takes a holistic and comprehensive approach to Cyber Security issues, combining the best of multiple standards to meet the needs of key stakeholders.
When it comes to cybersecurity and protecting an organization, there is no one-size-fits-all solution. For example, "zero-day" attacks that take advantage of previously unknown software flaws are particularly dangerous. Using the Cyber Security Baseline Standard Framework to assess and improve cybersecurity risk management should put organizations in a much better position to identify, protect, detect, respond to, and recover from an attack while minimizing damage and impact.
Identify: Learn about the structures, policies, and procedures that must be in place to manage cybersecurity risks to systems, assets, data, and capabilities.
Protect: To deliver and protect the organization's essential services and systems, develop and implement appropriate and proportionate cyber security measures.
Detect: Develop and implement the necessary capabilities to detect, respond to, and defend against a cybersecurity event that can threaten critical services and systems.
Respond: Develop and implement appropriate activities that are prioritized through the risk management process of the organization to take action to contain and minimize the effects of a cybersecurity event.
Recover: Develop and implement appropriate capabilities to restore essential services that have been impacted by a cybersecurity event.
