Get expert help maturing your cyber security to the NIST framework
From one of the first organisations in Australia to achieve ISO 27001:2022
Our cyber security specialists help businesses better understand, manage and reduce their cyber security risk in accordance with NIST (National Institute of Standards and Technology).
The MyEmpire Group difference
"We’re big enough to support all manner of businesses, from ma and pa’s to enterprise, but small enough to still obsess over detail."
We don’t obsess over detail to the point of paralysis, but we do take great pride in delivering exceptional work. And it’s not just because we get a thrill receiving elated client feedback, although that’s something we all share in common. Primarily it’s because we genuinely care about building cyber security systems that protect businesses. That means really learning your business and your people so we can develop a cyber security strategy suited to you, not a close-enough template pulled from a file. That’s what makes us different; we only feel satisfied when we know a job’s been done right.
Our People
Our cyber security specialists are a mixture of seasoned veterans, many with 30+ years’ experience in IT, management and security, and young faces on the team: our rising stars, those whose talents we recognised early and chose to invest in.
Beyond being experts in their fields, our people share a few things in common, a result of how we hire. Prior to any skills being tested in an interview, we look for personable people. Authentic, honest people who are passionate about their field and good communicators. In other words, we look for people who light up when they talk about their line of work. People whose passion is contagious. Only candidates who meet these criteria are taken through the typical interview steps where we probe skills and work history.
Leadership Team
Alex Woerndle
HEAD OF OPERATIONS
(CO-FOUNDER & DIRECTOR)
Alex is an experienced director, IT consultant and infosec professional. He provides security management and leadership to a range of organisations from start-ups through to governments and ASX50 listed enterprises. He has also served over 10 years in voluntary roles as a Non-Executive Director of the Australian Information Security Association, .au Domain Administration Ltd and the Australian Conservation Foundation’s Finance, Audit and Risk Committee.
Carl Woerndle
HEAD OF SALES AND MARKETING
(CO-FOUNDER & DIRECTOR)
Carl has more than three decades’ experience in IT, security and business leadership. Prior to MyEmpire Group, he and Alex built DistributeIT which held approx. 10% market share of .com.au domains. As well as a business owner and manager, Carl has worked as a Cyber Security Advisor consultant for Deloitte. He is a regular keynote speaker on cyber security.
Chris Self
HEAD OF SERVICE DELIVERY
Chris is a highly experienced information security principal. He has worked as a senior cyber security consultant for KPMG, CQR Consulting (now part of CyberCX) and Deloitte. Prior to starting with MyEmpire Group, he was the Information Security Manager at Adelaide Airport where he led a full rebuild of the airport’s cyber security processes and infrastructure. Chris holds a master’s in information systems security and a number of information security certifications, including CISSP and CRISC.
Talk to a NIST Cyber Security Specialist
NIST is the US ‘National Institute of Standards and Technology’. The NIST Cybersecurity Framework includes standards, best practice guidelines, and other resources to help organisations mature their cyber security and better protect their networks and data.
NIST includes five areas (or functions) organisations can focus on to holistically improve their cyber security.
Some of the key areas NIST focuses on include cryptography, education and workforce, emerging technologies, risk management, identity and access management, measurements, trustworthy networks and trustworthy platforms. NIST also helps businesses consider and improve how they manage privacy risks.
We can guide you through each of these areas and help you implement changes to meet NIST standards.
Improve your organisation’s cyber security
The NIST Cybersecurity Framework gives organisations a focused way to improve cyber security and better protect networks and data against the most common cyber attacks. Focusing on the five areas can radically improve your cyber defence.
Increase your business opportunities
As well as giving your business a foundation to improve your cyber security, NIST helps you align to a US market standard. This builds trust with businesses, consumers, regulators etc., and often leads to new business opportunities because it demonstrates to third parties you are equipped to protect their (and their customers’) information.
Tiers to fit any sized organisation
A four-Tier rank is attached to each of the five areas covered by NIST. It means you can enhance your cyber security incrementally. For instance, you can start by achieving Tier 1 across all areas, or you can focus on a key area and take it to Tier 4, whichever helps mitigate the largest risk to your business.
- Tier 1: Partial
- Tier 2: Risk Informed
- Tier 3: Repeatable
- Tier 4: Adaptive
Here's our typical process...
1. Understand your ‘why’
We start by understanding your reasons for wanting to apply NIST to your organisation. This could be generally improving your cyber security risk posture, getting guidance identifying and addressing cyber security gaps in existing implementations, or maybe you’ve been told it’s an industry requirement.
2. Scope the deliverables
We’ll interview key stakeholders in your organisation to understand which environments you want included in-scope for the assessment. For instance, information technology (IT), operational technology (OT), specific business units or locations.
3. Identify your key stakeholders
We’ll help you identify who’s required for NIST discussion workshops, e.g., management, teams involved with IT applications, cyber security, networks or systems, external MSPs/MSSPs etc. We recommend those responsible for implementing and managing the technical controls be involved in workshops.
4. Matching to a Tier level
Prior to the cyber health assessment, we’ll work with you to identify the right NIST Tier levels for your business goals. This ranges from Tier 1 to Tier 4 for each of the five areas.
5. Assessment against NIST
We’ll measure your level of alignment with a focus on the NIST guidelines and highlight key misalignments.
6. Technical NIST recommendations
We’ll develop business-specific technical recommendations for each NIST function.
7. Assessment report
We’ll provide you with an easy-to-digest Assessment Report. In the report, we’ll describe each NIST mitigation strategy and your business’ current alignment with the Tiers, as well as guidance on quick wins, tasks to be prioritised, and suggested timelines.
8. Support with implementation
We can help implement people, process and technology improvements needed to uplift your NIST maturity.
The NIST Cybersecurity Framework Functions:
The below five functions make up the NIST Cybersecurity Framework. They are not designed to be done in order, i.e. they are not a roadmap. The functions are better done simultaneously and continuously, i.e. they are segments of a pie covering all areas of a good cyber security strategy.
1. Identify
Develop an understanding of how you manage cyber security risk at an organisational scale. This involves intimately understanding the risks to people, systems, data, assets etc in your business. It includes:
- Asset Management
- Business Environment
- Governance
- Risk Assessment
- Risk Management Strategy.
We can help you get a critical understanding of how your business operates and the cyber risks attached. This helps determine how you prioritise your efforts when developing a cyber security strategy.
2. Protect
Implement safeguards to limit or contain the impact of a cyber security attack and ensure the delivery of critical services. It includes:
- Identity Management and Access Control
- Awareness and Training
- Data Security
- Information Protection Processes and Procedures
- Protective Technology.
We can help carry out the cyber security activities related to the above areas to ensure damage to operations is minimised in time and scope if the worst-case scenario were to occur.
3. Detect
Develop activities to identify if a cyber security incident occurs. This allows you to respond to cyber security events in a timely way. It includes:
- Anomalies and Events
- Security Continuous Monitoring
- Detection Processes.
We can help you put the appropriate measures in place to detect cyber security attacks.
4. Respond
Develop an appropriate response to a detected cyber security incident so you can contain the impact. It includes:
- Response Planning
- Communications
- Analysis
- Mitigation
- Improvements.
We can help with all of the above.
5. Recover
Establish an appropriate response to restore capabilities or services impaired from a cyber security incident. The idea is to get things back to normal operation as quickly as possible. It includes:
- Recovery Planning
- Improvements
- Communications.
Again, we can help with all of the above when it comes to the activities connected to cyber security and general business risk.