NIST Framework
Organise your cyber security with ESIA

Introduction
Developed by the National Institute of Standards and Technology, the NIST Framework has become a global benchmark for cybersecurity best practice for organisations of all sizes and in all sectors.
The NIST Framework was created in response to the growing need to protect digital infrastructure and data from increasingly sophisticated threats. It provides a structured and flexible approach to help organisations identify, protect, detect, respond to and recover from cyber security incidents.
Framework structure
- The Core: This represents the fundamental activities and principles of cyber security. This part provides a solid foundation for building an effective cyber security programme.
- Tiers: These describe the maturity of an organisation's cyber security processes. The Tiers range from Partial to Adaptive and help organisations to assess their current level of cyber security.
- Profiles: These enable organisations to tailor the Framework to their specific needs, risks and operational constraints.
Advantages of the NIST
- Clarity: The Framework provides a common language for discussing cyber security within the organisation and with external stakeholders.
- Flexibility: It can be adapted to any company size, business sector or level of cyber security maturity.
- Risk management: The Framework helps organisations identify and effectively manage cyber security risks.
- Continuous improvement: The Framework encourages the evolution of cybersecurity practices as threats evolve.
Key stages of the NIST Framework
- Initial assessment: Identify the organisation's assets, vulnerabilities and threats.
- Profile definition: Customise the Framework according to the specific needs of the organisation.
- Implementation: Implement appropriate cyber security practices in line with the Framework guidelines.
- Monitoring and continuous improvement: Regularly monitor the effectiveness of cyber security measures and make improvements where necessary.
IDENTIFY: Asset management & business environment
IT Asset Management refers to the management of an organisation's IT assets. These assets can include a wide range of technological resources, from hardware such as computers, servers and peripherals, to software, licences and data.
The main objective of IT Asset Management is to optimise the use of these assets while minimising costs and ensuring legal and regulatory compliance.
1. Inventory and monitoring: Asset Management begins with the creation and maintenance of a comprehensive inventory of all the organisation's IT assets. This includes details of hardware, software, licences, configurations, maintenance contracts, etc.
2. Cost optimisation: By fully understanding asset utilisation, organisations can make informed decisions about purchasing, upgrading or replacing hardware and software. This avoids unnecessary expenditure and reduces costs.
3. Licence management: Ensuring software licence compliance is crucial to avoid legal and financial penalties. IT Asset Management helps to track licence usage and ensure that only valid and necessary licences are used.
4. Lifecycle management: Asset Management manages the lifecycle of assets, from acquisition to disposal. This includes planning upgrades, managing warranties, managing renewals and safely disposing of obsolete assets.
5. Security and compliance: Asset Management helps to maintain the security of IT assets by ensuring that patches are applied, that configurations are secure, and by monitoring potential vulnerabilities.
IT Asset Management is essential for businesses of all sizes, enabling them to optimise investments, reduce compliance risks and maintain an efficient and secure IT environment.
PROTECT: Centralisation of information from antivirus and firewall platforms
One of the five fundamental aspects of the NIST Cybersecurity Framework is "Protect". This aspect focuses on the implementation of measures to prevent or mitigate the impact of potential threats and attacks.
The "Protect" aspect of the NIST Framework encompasses several concepts and activities that are essential to guaranteeing the security of information systems:
1. Access and Identity Management: This involves managing access rights to systems, data and resources. The principles of least privilege and strong authentication are central to limiting the risks associated with unauthorised access.
2. Asset Management: Identify, classify and manage IT assets and data according to their value and sensitivity. This enables protection efforts to be focused on the most critical elements.
3. Configuration Management: Putting in place policies and procedures to manage the software and hardware configurations of systems. This includes monitoring changes and implementing controls to avoid vulnerable configurations.
4. Data security management: To ensure the confidentiality, integrity and availability of data by implementing encryption, access control and data loss protection measures.
5. Protection Management: Putting in place security controls such as firewalls, intrusion detection systems (IDS/IPS), antivirus, etc., to protect systems and networks against known threats.
With SVALINN, the "Protect" aspect of the NIST Framework is addressed through a holistic approach to security, focusing on prevention, early detection and rapid response to security incidents. By integrating these concepts into their day-to-day operations, businesses can strengthen their cyber security.
DETECT: Vulnerability scanning based on CVEs & Anomalies and events
The "Detect" aspect of the NIST Framework focuses on putting in place mechanisms and processes to quickly and effectively identify suspicious activities, security incidents and potential breaches.
Here are some key elements of the "Detect" aspect of the NIST Framework:
1. Continuous monitoring: Implement monitoring systems that analyse activities on networks, systems and applications in real time. This enables abnormal behaviour or indicators of compromise to be spotted quickly.
2. Log Analysis: Collect and analyse event logs from a variety of sources, such as servers, firewalls, authentication systems, etc. Log analysis can reveal unusual patterns or suspicious activity.
3. Anomaly Detection: Use machine learning and artificial intelligence techniques to detect abnormal behaviour in network and system activities.
4. Intrusion Detection: Set up intrusion detection systems (IDS) and intrusion prevention systems (IPS) to monitor unauthorised access attempts, vulnerability scans and attacks in progress.
5. Alerts and Reporting: Establish processes to generate alerts in the event of suspicious activity or security incidents. These alerts are then processed by security teams in order to take appropriate action.
6. Threat Hunting: This is a proactive approach where security teams look for signs of malicious activity, even if no alerts have been triggered. It involves in-depth analysis of data to identify potential threats.
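The log-analysis and alerting elements above (items 2 and 5) can be illustrated with a small detector. The following is an added example, not code from the original page nor from the SVALINN or ESIA products: it parses constructed sshd-style syslog lines, counts failed logins per host and source address within a sliding time window, and produces an alert record that a security team could route to its alert channels. The log format, threshold and window size are assumptions chosen for the illustration.

```python
"""Minimal log-analysis detector: repeated failed logins from one source.

Added example; not part of the original page or the SVALINN/ESIA products.
The log lines are constructed, sshd-style syslog entries; the threshold
and window values are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not captured from any real system).
SAMPLE_LOG = """\
2024-03-01T10:00:01 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
2024-03-01T10:00:03 host1 sshd[1202]: Failed password for root from 203.0.113.7 port 51123 ssh2
2024-03-01T10:00:05 host1 sshd[1203]: Failed password for root from 203.0.113.7 port 51124 ssh2
2024-03-01T10:00:06 host1 sshd[1204]: Accepted publickey for alice from 198.51.100.4 port 40000 ssh2
2024-03-01T10:00:08 host1 sshd[1205]: Failed password for root from 203.0.113.7 port 51125 ssh2
2024-03-01T10:00:09 host1 sshd[1206]: Failed password for root from 203.0.113.7 port 51126 ssh2
2024-03-01T10:09:00 host1 sshd[1207]: Failed password for bob from 198.51.100.4 port 40001 ssh2
"""

# Assumed line format: "<iso timestamp> <host> sshd[<pid>]: <outcome> for [invalid user] <user> from <ip> port <n> ssh2"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed password|Accepted \w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line):
    """Return a normalised event dict, or None if the line does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "host": m["host"],
        "src": m["src"],
        "user": m["user"],
        "failed": m["outcome"].startswith("Failed"),
    }


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per (host, source IP) with >= threshold failed logins inside a sliding window.

    Events that do not parse are ignored rather than aborting the run, so a single
    malformed line cannot stop detection on the rest of the log.
    """
    events = [e for e in map(parse_line, log_text.splitlines()) if e and e["failed"]]
    events.sort(key=lambda e: e["ts"])  # logs may arrive out of order from several collectors
    recent = defaultdict(list)  # (host, src) -> failed events inside the current window
    alerts = {}
    for e in events:
        key = (e["host"], e["src"])
        q = recent[key]
        q.append(e)
        # Slide the window: discard failures older than `window` relative to this event.
        while q and e["ts"] - q[0]["ts"] > window:
            q.pop(0)
        if len(q) >= threshold and key not in alerts:
            users = sorted({x["user"] for x in q})
            alerts[key] = {
                "host": e["host"],
                "src": e["src"],
                "count": len(q),
                "first": q[0]["ts"].isoformat(),
                "last": e["ts"].isoformat(),
                "users": users,
                # Attempts against a privileged account are escalated for faster triage.
                "severity": "high" if "root" in users else "medium",
            }
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

Run against the embedded sample, the detector raises a single high-severity alert for 203.0.113.7 (five failures in under ten seconds against `admin` and `root`) and stays silent for 198.51.100.4, whose one failure sits alone in its window. The returned dict is deliberately flat so it can be serialised unchanged to an email, SMS gateway or dashboard feed.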
By implementing the 'Detect' aspect of the NIST Framework with SVALINN, businesses can reduce the time taken to detect cyber security incidents, enabling a faster and more effective response. This helps to minimise the damage caused by hackers and maintain confidence in corporate systems and data.
RESPOND: Multi-channel communications and alerts
The "Respond" aspect of the NIST Framework focuses on putting in place processes, policies and plans to manage cyber security incidents once they have been detected. This step is crucial to minimise the damage that incidents can cause and to ensure rapid business recovery.
Here are the main elements of the "Respond" aspect of the NIST Framework:
1. Alert channels: It is essential to set up multiple means of sending alerts (email, SMS, mobile application, dashboard) to enable technical teams to react as quickly as possible. Centralising alert feedback is also a definite advantage in ensuring the best possible understanding and response from cyber security departments.
2. Coordination: Establish clear communication channels and coordination mechanisms between the different teams involved in incident response, including IT security teams, legal teams and communications teams.
3. Collecting Evidence: Collect digital evidence and event logs related to the incident. This can help to understand the nature of the attack, the attack vectors and the potential damage.
4. Analysis and Evaluation: Analyse the incident to understand its impact and scope. Also assess the seriousness of the incident and determine the actions required to contain the threat.
5. Mitigation and Containment: Take steps to contain the incident and prevent its spread. This may involve isolating affected systems, blocking certain malicious activities or quarantining compromised items.
6. Learning and Improvement: After managing the incident, it is important to conduct a post-mortem analysis to understand what happened, how the incident was managed and what improvements can be made to future processes and response plans.
With SVALINN, the "Respond" aspect of the NIST Framework aims to ensure proactive and organised management of security incidents. With robust processes in place, organisations can minimise disruption, limit potential damage and ensure rapid recovery from incidents.
RECOVER: Centralisation of backup systems
The "Recover" aspect of the NIST Framework focuses on the restoration of systems and data and defines the operations to be carried out after a cybersecurity incident has occurred. This step aims to minimise the long-term impact of an incident and quickly restore your company's production tools.
Here are the main elements of the "Recover" aspect of the NIST Framework that are essential for your business, ensuring that your IT infrastructure is back in operation:
1. Business Continuity Plan: Draw up a Business Continuity Plan (BCP) describing the measures to be taken to ensure the continuity of critical operations in the event of a major incident. This plan should include backup, restoration and disaster recovery processes.
2. Backup and Restore: Implement regular backup strategies for data and systems. In the event of an incident, data can be restored from recent backups, minimising data loss.
3. Operations Recovery: Implement procedures to restore normal operations after an incident has been managed. This may include reactivating systems, bringing services back online and checking that they are working.
4. Recovery Communication: Inform internal and external users that normal operations will resume after an incident. This can help to restore confidence and reassure users.
5. Post-incident evaluation: Analyse the actions taken during the recovery phase to assess their effectiveness and identify areas for improvement. This is essential to strengthen business continuity plans in the future.
6. Continuous improvement: Use the lessons learned from the incident to continuously improve business continuity plans, recovery processes and backup mechanisms.
7. Training and awareness: Make employees aware of recovery and business continuity procedures, so that they have the right reflexes in the event of an incident.
The "Recover" aspect of the NIST Framework is crucial to ensuring the resilience of organisations in the face of cyber security incidents. By having well-defined business continuity plans and recovery processes in place, organisations can reduce the financial and operational impact of incidents, so they can quickly return to business as usual.
Key points to remember
The NIST Framework offers organisations a structured and effective way of strengthening their cyber security posture.
By adopting it, your organisation can better protect itself against cyber threats and improve resilience in the face of potential incidents.
Cybersecurity is everyone's business, and the NIST Framework is your guide to digital protection and confidence.