Get expert help maturing your cyber security to the NIST framework
From one of the first organisations in Australia to achieve ISO 27001:2022
Our cyber security specialists help businesses better understand, manage and reduce their cyber security risk in accordance with NIST (National Institute of Standards and Technology).
The MyEmpire Group difference
"We’re big enough to support all manner of businesses, from ma and pa’s to enterprise, but small enough to still obsess over detail."
We don’t obsess over detail to the point of paralysis, but we do take great pride in delivering exceptional work. And it’s not just because we get a thrill receiving elated client feedback, although that’s something we all share in common. Primarily it’s because we genuinely care about building cyber security systems that protect businesses. That means really learning your business and your people so we can develop a cyber security strategy suited to you, not a close-enough template pulled from a file. That’s what makes us different; we only feel satisfied when we know a job’s been done right.
Our People
Our cyber security specialists are a mixture of seasoned veterans, many with 30+ years’ experience in IT, management and security. We also have young faces on the team, our rising stars–those whose talents we recognised early and chose to invest in.
Beyond being experts in their fields, our people share a few things in common, a result of how we hire. Prior to any skills being tested in an interview, we look for personable people. Authentic, honest people who are passionate about their field and good communicators. In other words, we look for people who light up when they talk about their line of work. People whose passion is contagious. Only candidates who meet these criteria are taken through the typical interview steps where we probe skills and work history.
Leadership Team
Alex Woerndle
HEAD OF OPERATIONS
(CO-FOUNDER & DIRECTOR)
Alex is an experienced director, IT consultant and infosec professional. He provides security management and leadership to a range of organisations from start-ups through to governments and ASX50 listed enterprises. He has also served over 10 years in voluntary roles as a Non-Executive Director of the Australian Information Security Association, .au Domain Administration Ltd and the Australian Conservation Foundation’s Finance, Audit and Risk Committee.
Carl Woerndle
HEAD OF SALES AND MARKETING
(CO-FOUNDER & DIRECTOR)
Carl has more than three decades’ experience in IT, security and business leadership. Prior to MyEmpire Group, he and Alex built DistributeIT which held approx. 10% market share of .com.au domains. As well as a business owner and manager, Carl has worked as a Cyber Security Advisor consultant for Deloitte. He is a regular keynote speaker on cyber security.
Chris Self
HEAD OF SERVICE DELIVERY
Chris is a highly experienced information security principal. He has worked as a senior cyber security consultant for KPMG, CQR Consulting (now part of CyberCX) and Deloitte. Prior to starting with MyEmpire Group, he was the Information Security Manager at Adelaide Airport where he led a full rebuild of the airport’s cyber security processes and infrastructure. Chris holds a master’s in information systems security and a number of information security certifications, including CISSP and CRISC.
Talk to a NIST Cyber Security Specialist
NIST is the US ‘National Institute of Standards and Technology’. The NIST Cybersecurity Framework includes standards, best practice guidelines, and other resources to help organisations mature their cyber security and better protect their networks and data.
NIST includes 6 areas (or functions) organisations can focus on to holistically improve their cyber security
Developed by the National Institute of Standards and Technology (NIST), the Cybersecurity Framework (CSF) provides cyber security guidelines to organisations to help them identify, protect, detect, respond and recover from cyber-attacks, as well as govern each of these functions. The framework also helps with communication between internal and external stakeholders.
We can guide you through each of these areas and help you implement changes to meet NIST standards.
The NIST Cybersecurity Framework Functions:
The below 6 Functions make up the NIST CSF. The functions are better done simultaneously and continuously, i.e. they are segments of a pie covering all areas of a good cyber security posture.
Govern
Establish governance to connect and monitor all of the other (below) functions. This includes people, processes, policies, technology, systems, assets, data etc., related to cyber security.
Identify
Identify what is important to your business so you are best placed to manage risk and implement protections.
Protect
Set up appropriate safeguards to ensure delivery of your critical services and business as usual.
Detect
Put in place appropriate activities and tools to detect the occurrence of a cyber security incident.
Respond
Develop a strategic plan to effectively respond to a cyber security incident.
Recover
Have policies and actions in place to restore and recover from a cyber attack to limit downtime and reputational damage (in a worst case scenario).
The Benefits of NIST
Improve your organisation’s cyber security
The NIST Cybersecurity Framework gives organisations a focused way to improve cyber security and better protect networks and data against the most common cyber attacks. Focusing on the 6 areas can radically improve your cyber defence.
Align to an international standard
Align your organisation to an international framework to not only ensure you are following best practice standards, and complying with laws and regulations, but to demonstrate this fact to others.
Prioritise and triage your actions
The NIST CSF helps provide scope on what security concerns need to be addressed and in what order. Giving you visibility on the biggest cyber risks to your business lets you organise the ‘what, how and when’ to take actions so you can best lift your cyber defence.
Give your security structure
Following NIST makes it simple to provide a consistent and structured approach to your cyber security. It connects an organisation’s different departments and locations to provide your business eco-system—the people, products and processes—with more security thought and risk assessment.
Increase your business opportunities
As well as giving your business a foundation to improve your cyber security, NIST helps you align to a US market standard. This builds trust with businesses, consumers, regulators etc., and often leads to new business opportunities because it demonstrates to third parties you are equipped to protect their (and their customers’) information.
Tiers to fit any sized organisation
We can conduct a CMMI Maturity Assessment of your current security state and future state. We can then provide recommendations to uplift your cyber security.
The measurement of maturity can include:
Level 0 – None
Level 1 – Initial
Level 2 – Managed
Level 3 – Defined
Level 4 – Quantitatively Managed
Level 5 – Optimised
Here is our typical process...
1. Understand your ‘why’
We start by understanding your reasons for wanting to apply NIST CSF to your organisation. This could be to generally improve your cyber security risk posture, get guidance identifying and addressing gaps in existing implementations, or maybe you’ve been told it’s an industry requirement.
2. Scope the deliverables
We firm up which environments you want included in-scope for the assessment. For instance, information technology (IT), operational technology (OT), specific business units/locations or the entire enterprise.
3. Identify your control owners
We help you identify who’s required for NIST discussion workshops, e.g., management, teams involved with IT applications, cyber security, networks or systems providers, external MSPs/MSSPs etc. We recommend those responsible for implementing and managing the controls be involved in workshops.
4. Matching to a Maturity Level
We work with you to identify the right NIST Maturity Levels for your business goals. This ranges from Maturity Level 0 to 5 for each of the 6 areas.
5. Assessment against NIST
We measure your level of alignment with a focus on the NIST guidelines and highlight key misalignments.
6. Contextualise NIST recommendations
We develop customised technical and business recommendations to improve each NIST Function.
7. Assessment deliverables
We provide you with an easy-to-digest Assessment Report and Assessment Workbook. In these we show what each NIST mitigation strategy is and your business’ current alignment with the Maturity Levels, as well as guidance on quick wins, tasks to be prioritised, and suggested timelines.
8. Support with implementation
We can help implement people, process and technology improvements needed to uplift your NIST maturity.