Get expert help maturing your cyber security to the NIST framework

We help businesses better understand, manage and reduce their cyber security risk in accordance with NIST (National Institute of Standards and Technology).

Talk to a NIST Cyber Security Specialist

NIST is the US ‘National Institute of Standards and Technology’. The NIST Cybersecurity Framework includes standards, best practice guidelines, and other resources to help organisations mature their cyber security and better protect their networks and data.

NIST includes five areas (or functions) organisations can focus on to holistically improve their cyber security

Some of the key areas NIST focuses on include cryptography, education and workforce, emerging technologies, risk management, identity and access management, measurements, trustworthy networks and trustworthy platforms. NIST also helps businesses consider and improve how they manage privacy risks. 

We can guide you through each of these areas and help you implement changes to meet NIST standards.

Let us help you uplift your cyber security in alignment with NIST

Improve your organisation’s cyber security

The NIST Cybersecurity Framework gives organisations a focused way to improve cyber security and better protect networks and data against the most common cyber attacks. Focusing on the five areas can radically improve your cyber defence. 

Increase your business opportunities

As well as giving your business a foundation to improve your cyber security, NIST helps you align to a US market standard. This builds trust with businesses, consumers, regulators etc., and often leads to new business opportunities because it demonstrates to third parties that you are equipped to protect their (and their customers') information.

Tiers to fit any sized organisation

A four-Tier ranking is attached to each of the five areas covered by NIST. It means you can enhance your cyber security incrementally. For instance, you can start by achieving Tier 1 across all areas, or you can focus on a key area and take it to Tier 4, whichever helps mitigate the largest risk to your business.

  • Tier 1: Partial
  • Tier 2: Risk Informed
  • Tier 3: Repeatable
  • Tier 4: Adaptive

"The biggest benefit to working with MyEmpire Group is having access to cyber expertise on an as-needed basis. We're able to access skills and knowledge across a broad range of [cyber security] areas, and without having to hire in-house."
Jenelle Schultz
Chief Operating Officer, Business Fitness

Here's our typical process...

1. Understand your ‘why’

We start by understanding your reasons for wanting to apply NIST to your organisation. This could be generally improving your cyber security risk posture, getting guidance on identifying and addressing cyber security gaps in existing implementations, or maybe you’ve been told it’s an industry requirement.

2. Scope the deliverables

We’ll interview key stakeholders in your organisation to understand which environments you want included in-scope for the assessment. For instance, information technology (IT), operational technology (OT), specific business units or locations.

3. Identify your key stakeholders

We’ll help you identify who’s required for NIST discussion workshops, e.g., management, teams involved with IT applications, cyber security, networks or systems, external MSPs/MSSPs etc. We recommend those responsible for implementing and managing the technical controls be involved in workshops.

4. Matching to a Tier level

Prior to the cyber health assessment, we’ll work with you to identify the right NIST Tier levels for your business goals. This ranges from Tier 1 to Tier 4 for each of the five areas.

5. Assessment against NIST

We’ll measure your level of alignment with a focus on the NIST guidelines and highlight key misalignments.

6. Technical NIST recommendations

We’ll develop business-specific technical recommendations for each NIST function.

7. Assessment report

We’ll provide you with an easy-to-digest Assessment Report. In the report, we’ll describe each NIST mitigation strategy and your business’s current alignment with the Tiers, as well as guidance on quick wins, tasks to be prioritised, and suggested timelines.

8. Support with implementation

We can help implement people, process and technology improvements needed to uplift your NIST maturity.

The NIST Cybersecurity Framework Functions:

The five functions below make up the NIST Cybersecurity Framework. They are not designed to be done in order, i.e. they are not a roadmap. The functions are better done simultaneously and continuously, i.e. they are segments of a pie covering all areas of a good cyber security strategy.

1. Identify

Develop an understanding of how you manage cyber security risk at an organisational scale. This involves intimately understanding the risks to people, systems, data, assets etc. in your business. It includes:

  • Asset Management
  • Business Environment
  • Governance
  • Risk Assessment
  • Risk Management Strategy.  

We can help you get a critical understanding of how your business operates and the cyber risks attached. This helps determine how you prioritise your efforts when developing a cyber security strategy.

2. Protect

Implement safeguards to limit or contain the impact of a cyber security attack and ensure the delivery of critical services. It includes:

  • Identity Management and Access Control
  • Awareness and Training
  • Data Security
  • Information Protection Processes and Procedures
  • Protective Technology.  

We can help carry out the cyber security activities related to the above areas to ensure damage to operations is minimised in time and scope if the worst-case scenario were to occur.

3. Detect

Develop activities to identify if a cyber security incident occurs. This allows you to respond to cyber security events in a timely way. It includes:

  • Anomalies and Events
  • Security Continuous Monitoring
  • Detection Processes.  

We can help you put the appropriate measures in place to detect cyber security attacks.

4. Respond

Develop an appropriate response to a detected cyber security incident so you can contain the impact. It includes: 

  • Response Planning
  • Communications
  • Analysis
  • Mitigation
  • Improvements.  

We can help with all of the above.

5. Recover

Establish an appropriate response to restore capabilities or services impaired by a cyber security incident. The idea is to get things back to normal operation as quickly as possible. It includes:

  • Recovery Planning
  • Improvements
  • Communications. 

Again, we can help with all of the above when it comes to the activities connected to cyber security and general business risk.

Ready to get started?