Networking All-in-One For Dummies. Doug Lowe


enough to break into your network and delete files on your servers may also be skilled enough to delete your cloud backups as well.

       Automated: Don’t rely on remembering to run a backup every Friday at the end of the day. You’ll forget. Make sure your backup processes are automated.

       Monitored: Don’t assume backups worked this week just because they worked last week. Monitor your backups regularly to ensure they’re working as designed.

       Tested: Don’t wait until the pressure of a recovery to see if your backups actually work. Regularly test them by restoring individual files and entire servers.

       Spare computers: If a cyberattack compromises one of your desktop computers, make sure you have a spare or two that you can quickly configure to get the user back to work.

       Emergency disk capacity: Restore operations often require that you have plenty of spare disk capacity available so that you can move data around. Inexpensive network-attached storage (NAS; see Book 3, Chapter 5) may fit the bill, but keep in mind that this type of storage is very slow. If you rely on it, you may find that it takes several days to recover multiple terabytes of data.

       Communications: In the midst of a recovery from a cyberattack, it’s vital that you communicate with your users. They’ll need to know what’s going on, how long you expect the recovery to take, and so on. Unfortunately, this communication may be difficult if the normal channels of communication — such as email — have been disrupted by the attack. So, you should plan in advance for alternative methods of communicating with users, such as cloud-based communication platforms like Teams or Slack.
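      The Monitored and Tested items above can be turned into checks that run on their own. The following Python sketch is an added example, not code from the book: it hashes files at backup time, verifies a test restore against those hashes, and flags a backup job whose last success is too old. The function names, the sample files, and the 26-hour threshold (a daily job plus some slack) are assumptions chosen for illustration.

```python
import hashlib
import tempfile
from datetime import datetime, timedelta
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large restores do not exhaust memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(source_dir: Path) -> dict:
    """Record relative path -> SHA-256 at backup time."""
    return {str(p.relative_to(source_dir)): sha256_of(p)
            for p in sorted(source_dir.rglob("*")) if p.is_file()}


def verify_restore(manifest: dict, restored_dir: Path) -> dict:
    """Compare a test restore against the manifest taken at backup time."""
    missing, corrupt = [], []
    for rel, expected in manifest.items():
        target = restored_dir / rel
        if not target.is_file():
            missing.append(rel)      # file never came back from the backup
        elif sha256_of(target) != expected:
            corrupt.append(rel)      # file came back with different contents
    return {"missing": missing, "corrupt": corrupt}


def backup_is_stale(last_success: datetime, now: datetime, max_age=timedelta(hours=26)) -> bool:
    """Monitoring check: flag the job when the last verified success is too old."""
    return now - last_success > max_age


def demo() -> dict:
    """Constructed sample: back up two files, restore one altered, omit the other."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "src"), Path(tmp, "restore")
        for d in (src, dst):
            d.mkdir()
        (src / "payroll.csv").write_text("id,amount\n1,100\n")
        (src / "notes.txt").write_text("quarterly notes\n")
        manifest = build_manifest(src)
        (dst / "payroll.csv").write_text("id,amount\n1,999\n")  # silently altered
        return verify_restore(manifest, dst)
```

      Store the manifest somewhere the backup job itself cannot overwrite, so that a tampered backup cannot also rewrite the hashes it is checked against.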

      It’s tempting to think that all you need to do to secure your network is install a firewall, run antivirus software on all your computers, and back up all your data. Those are important first steps, but cybersecurity is much bigger than a checklist of things to do.

      In fact, cybersecurity should be baked into your IT systems from the ground up. Every aspect of your system designs should take cybersecurity into account, not as an afterthought but from the very beginning. That includes your servers, storage platforms, desktop computers, network infrastructure (including switches, routers, firewalls, cables, and wireless networks), mobile devices, operating systems, software, and anything else that’s part of your IT environment.

      It’s a daunting task, but fortunately you’re not alone in figuring out how to make cybersecurity a top priority in your IT organization. Plenty of resources are available to you — including standardized frameworks that can help you plan and implement your security environment.

      There are plenty of cybersecurity frameworks to choose from. In fact, the top hit on a recent Google search for “cybersecurity frameworks” was a website that listed the 23 top cybersecurity frameworks. That’s a lot to choose from. Although most of these frameworks are similar, there are subtle differences.

       NIST: The NIST Cybersecurity Framework is probably the most commonly used framework in the United States. It’s governed by the National Institute of Standards and Technology (NIST). (For more information about this popular framework, refer to “The NIST Cybersecurity Framework,” later in this chapter.)

       ISO/IEC 270: This is the most popular international cybersecurity framework. For more information, browse to https://iso.org/isoiec-27001-information-security.html.

       ISA 62443: The International Society of Automation (https://isa.org) sponsors a series of standards known as ISA 62443, which comprise a flexible framework for managing security. For more information, see www.isa.org/technical-topics/cybersecurity/cybersecurity-resources.

       CIS-20: The Center for Internet Security (CIS) is an organization that provides a list of 20 cybersecurity controls that can be used as a framework for organizing your cybersecurity measures. For more information, see www.cisecurity.org/controls/cis-controls-list.

       COBIT: Sponsored by the Information Systems Audit and Control Association (ISACA), COBIT (which stands for Control Objectives for Information and Related Technologies) is one of the more popular cybersecurity frameworks. For more information, head to www.isaca.org/resources/cobit.

      In 2014, NIST issued the first version of its cybersecurity framework, officially known as the Framework for Improving Critical Infrastructure Cybersecurity but commonly referred to as the NIST Framework (and often, in a cybersecurity context, simply as NIST). I refer to it simply as the Framework throughout the rest of this chapter.

      The Framework was originally intended to apply to critical infrastructure such as the power grid, transportation systems, dams, government agencies, and so on. But the Framework quickly became popular in the private sector as well and is now considered one of the best overall tools for planning cybersecurity for large and small organizations, public and private.

      In 2018, NIST issued a new version of the Framework, known as Version 1.1. The new version includes a section on self-assessment and greatly expands its coverage of the cybersecurity risk associated with business supply chains.

      You can find the complete documentation for the Cybersecurity Framework Version at https://nist.gov/cyberframework/framework. I strongly suggest you download the Framework document, print it out, and read it. It’s only about 50 pages.

      The Framework consists of three basic components:

       Framework Core: This section identifies five basic functions of cybersecurity:

              Identify: You must know, in detail, exactly what parts of your organization are vulnerable to cyberattack.

              Protect: You should take specific steps to protect those parts of your organization that you’ve identified as being vulnerable.

              Detect: This function involves monitoring your systems and environment so that you know as soon as possible when a cyberattack occurs.

              Respond: This function helps you plan in advance how you’ll respond when a cybersecurity incident occurs.

              Recover: According to the Framework, you must “Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or servers that were impaired due
