It takes months for most computer intrusion victims to learn they were breached.  Unfortunately, the hackers get busy much sooner, often stealing data within days if not minutes.

To quote Shakespeare, “What’s in a name?”

This article is the twelfth in our ongoing series exploring the NIST Cybersecurity Framework. 

Network security practitioners often look to solve technical problems with technical solutions: “The engineers got us into this mess; they can get us out of it.”

When students and staff at the Coast Guard Academy needed their laptops and mobile phones repaired, they called Larry Mathews. For over a decade, Mathews owned the local computer repair shop. Then he pleaded guilty to computer intrusion.

Tell somebody that you’re planning to make a plan, and you’ll get some snide looks. But tell somebody that you have a good plan in place, and it instills a sense of preparation and confidence.

Cybersecurity is a topic so broad that the NIST Framework addresses the concept of “Data Security” as just one of 22 important risk categories.

The NIST Framework lists “awareness and training” as a key component of network protection. But how do you go about it? 

As part of our continuing series on the NIST Framework, we completed our review of the “Identify” category last month.  

Starting last August, we began the current series of articles to provide our readers with a deep dive into the NIST Framework and its approach to Identify, Protect, Detect, Respond to and Recover from cybersecurity incidents.