NIST Cybersecurity Framework Steps
The NIST Cybersecurity Program. 参与其中!
密苏里州的企业 is the NIST MEP National Network partner for the state of Missouri, and if you manufacture in Missouri, you can connect with an extensive network of resources through us. The National Institute of Standards and Technology’s world-class cybersecurity program is just one of those great resources, and you should 参与其中! The program was specifically designed to help small to medium sized manufacturers effectively manage cybersecurity. 马来西亚云顶国际网站 要了解更多. 马来西亚云顶国际网站是来帮忙的.
The NIST Cybersecurity Framework.
The National Institute of Technology’s (NIST) Cybersecurity Framework helps manufacturing organizations better understand and improve their management of cybersecurity risk. The framework consists of standards, guidelines and practices to promote the protection of manufacturers’ information and IT systems. The framework is a flexible, cost-effective approach to help manufacturing companies manage cybersecurity related risk. The NIST Cybersecurity Framework consists of 5 key areas.
- 识别. Make a list of all equipment, software and data you use, 包括笔记本电脑, 智能手机, tablets and point of sale devices. Create and share a company cybersecurity policy that covers:
- Roles and responsibilities for employees, vendors and anyone else with access to sensitive data.
- Steps to take to protect against an attack and limit the damage if one occurs.
- 保护. Create and share a company cybersecurity policy that covers:
- Control who logs on to your network and uses your computers and other devices.
- Use security software to protect data.
- Encrypt sensitive data, at rest and in transit.
- Update security software regularly, automating those updates if possible.
- Have formal policies for safely disposing of electronic files and old devices.
- Train everyone who uses your computers, devices and network about cybersecurity. You can help employees understand their personal risk in addition to their crucial role in the workplace.
- Monitor your computers for unauthorized personnel access, devices (like USB drives), and software.
- Check your network for unauthorized users or connections.
- Investigate any unusual activities on your network by your staff.
- 回应. 为以下事情制定计划:
- Notifying customers, employees and others whose data may be at risk.
- Keeping business operations up and running.
- Investigating and containing an attack.
- Updating your cybersecurity policy and plan with lessons learned.
- Preparing for inadvertent events (like weather emergencies) that may put data at risk.
- 恢复. 攻击后:
- Repair and restore the parts and equipment of your network that were affected.
- Keep employees and customers informed of your response and recovery activities.