Guidelines to Strengthen Privacy and Network Security Efforts
In mid-February 2014, the National Institute of Standards and Technology (NIST) released voluntary industry standards and best practices to prevent cyber-attacks in its publication “Framework for Improving Critical Infrastructure Cybersecurity.” In a statement, President Barack Obama called the Framework a turning point, but also notes that there is still work to be done against these Privacy and Network Security threats.
The government notes that the Framework, which was created through their collaboration with the private sector, should be used to complement an organization’s risk management and cybersecurity, or network security, program. The following guidelines were created by members of the federal government to strengthen privacy and network security efforts. Not only is this good information for insurance agents to have, it is imperative to share this with your clients as well.
These guidelines are divided into three components: core, tiers, and profiles. The core provides a set of activities that achieve specific cybersecurity outcomes, while the tiers provide context on how an organization views privacy and network security risk and the processes in place to manage those risks. Profiles align all this information in order to state current or meet desired network security practices.
Here are seven steps you and/or your clients can take to either establish or strengthen privacy and network security efforts using the Framework:
- Identify business/mission objectives and high-level organizational priorities. Make strategic decisions regarding cybersecurity implementations.
- Identify related systems and assets, regulatory requirement, and overall risk approach.
- Develop a current network security profile by indicating which outcomes form the Framework core are currently being achieved.
- Conduct a risk assessment.
- Create a target profile that corresponds to desired network security outcomes.
- Create a prioritized action plan to address current gaps between the current and target profiles.
- Implement an action plan.
At PL Risk Advisors, we understand that all industries and companies could face the risk of a privacy and network security breach. Privacy and Network Security Insurance is a must for both small and large firms to protect against this widespread exposure. Please contact us today at (855) 403-5982 to learn more about these coverages as well as our Professional Liability products.