Former SAP executive readies to roll with Check Point in Africa

Checking out
Africa's security

Former SAP exec to lead Check Point Africa.

Saturday, Aug 24th

NIST framework adds to Africa's cyber security armour

NIST framework adds to Africa's cyber security armour

Organisations looking to bolster their cybersecurity posture and better protect an organisation's critical infrastructure have another weapon to add to their arsenal – the NIST Cybersecurity Framework, developed by the National Institute of Standards and Technology.

The Framework is based on existing standards, guidelines, practices and includes references to ISO 2700x, CobIT and other standards. It consists of three main components – Framework Core, Implementation Tiers and Profiles.

While it is used by most organisations to identify, protect, detect, respond and recover from cyber related threats and incidents, more widespread adoption is being hampered by the significant investment required in terms of resources to improve cybersecurity capabilities, according to Raymond du Plessis, senior managing consultant, Mobius Consulting.

Speaking at the ITWeb Security Summit 2019, hosted in Sandton Johannesburg this week, Du Plessis outlined the five core functions covered by the framework including: to identify, protect, detect, respond and recover.

"It is being used by more and more organisations, not only in the US, but in South Africa and round the world. One of the cool things is that it is completely free ... there are 287 controls split into five core functions and that's the trick. They've taken the controls we're all used to and rearranged them into these pillars. You can think of them as functions to reinforce security," said du Plessis.

Organisations have to follow several steps to benefit from the framework. These steps include conducting an assessment against the framework to identify gaps, develop a roadmap and prioritise plans.

"Step four is incident response. This is a critical component of cyber security and especially this cyber security framework. You have to spend a lot of time and effort in getting this right," said du Plessis.

Incident response is based on key sub-steps including detection, response and recovery.

Du Plessis emphasised that to leverage the framework, businesses must begin by achieving a common understanding of critical assets and cyber-related threats.

"It is important to identify critical assets and think about cyber threats and threat actors," he said.

These potential threats were listed as cybercriminals, social hackers, competitors, activists/ hacktivists, cyber terrorists and nation states.

ALSO ON ITWEB AFRICA

Business support systems and 5G Published on 20 August 2019

BSS providers will play a key role in helping drive communication innovations in the future says Hassen Hamza, Pre-Sales & Business Development Director, MEA, at Nexign.

HPE South Africa appoints new MD Published on 30 July 2019

President Ntuli will serve in the position effective 1 August 2019.

AI to change contact centre CX experience Published on 08 August 2019

For companies looking to enhance their contact centre environments, AI can be leveraged to deliver more improved CX at unprecedented levels.