March 08, 2023
2 Min Read
In today’s enterprises, cybersecurity touches essentially every facet of the business, from customer-facing applications to database servers. For all the benefits that technology brings, in the minds of cybercriminals it also represents opportunity, and every piece of your digital infrastructure is a potential target.
This reality makes cybersecurity and risk reduction a critical focal point for enterprises as the threat landscape and attack surface they contend with grow increasingly complex. Even the largest enterprises are not immune. According to a University of Maryland study, an attack on an internet-connected computer occurs on average every 39 seconds. A single ransomware incident cost global giant FedEx an estimated $300 million.
To make themselves more resilient against attacks, many organizations turn to industry standards such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001:2022 to help direct their approach to security.
In a series of reports, we are examining some of the regulations and standards that are impacting how organizations protect their IT environments. The NIST CSF is one of these. It provides voluntary guidance based on existing standards and best practices with the aim of assisting enterprises in managing cybersecurity risk. While it was originally designed with critical infrastructure companies in mind, today the framework is used by various types of organizations all over the world.
For many organizations, ISO/IEC 27001:2022 serves a similar function. ISO/IEC 27001 belongs to the ISO/IEC 27000 family of standards, which has become one of ISO’s most popular and spans a variety of controls relating to information security risk management. It specifies the requirements for establishing, operating, and continually improving an information security management system (ISMS), and it gives organizations a path to systematize their security controls, whether they apply the standard to a narrow scope or to a fully developed, organization-wide ISMS. Enterprises can use ISO/IEC 27001 certification to demonstrate their commitment to security to customers, partners, and regulators.
In our mini-report on enterprise compliance, we discuss both NIST CSF and ISO/IEC 27001:2022 and how Absolute Software can help you meet some of the requirements of each. Reducing the risk of cyberattacks takes a comprehensive approach to security. Both frameworks present IT leaders with an opportunity to assess their security posture and their plans for future investment. Cybersecurity cannot be the concern of security teams alone. In an age of digital transformation, the goal of security initiatives should be to support business operations in a way that protects employees, resources, and customers.
No matter which cybersecurity framework your business chooses to align its security strategy with, it’s critical to have the resources in place to support it and to maintain compliance over time.
To learn more about NIST CSF and ISO 27001, download the mini-report here.