At TechR2, we are part of your organization’s journey to CSF compliance.
From Charles Robbins
September 1, 2021
In the news today are eight firms that experienced breaches and were found to be negligent in meeting the SEC cybersecurity requirements based on the NIST cybersecurity standard. The SEC fined each firm for not executing its Cybersecurity Framework (CSF) to meet the required US standard. The firms agreed to pay the fines. That is their situation, so what will be your organization’s response in this era of breaches? Once your data is exposed, your team will come under scrutiny by the Board of Directors, the C-Suite executives, and the public. What they should find is that you are meeting the NIST CSF requirements by executing policies, procedures, training, automated monitoring, and verification.
When you download the NIST PDFs and checklists, it can take over a year of hard work for your team to create a network system that can pass an external CSF audit. After making the positive changes to protect data, you will then have the group and the tools to sustain cybersecurity compliance on an ongoing basis. Remember, for compliance you should surround your company with certified third-party vendors. Then your organization will have the team and technology to move forward into a challenging future.
When we talk with executives, we tell them how non-compliant companies are losing contracts since they cannot meet CSF requirements. And it takes over a year to earn certification. At TechR2, we are part of your organization’s journey to CSF compliance.