Make the move from business continuity to true business resilience.
Interactive NIST or The Essential 8: Which cyber risk management framework best suits your business?

Notice: Trying to access array offset on value of type null in /var/www/interactive.com.au/wp-content/uploads/cache/af449b902f134ca9d3e4e7ecfd9f3ec003e2da77.php on line 20

Notice: Trying to access array offset on value of type null in /var/www/interactive.com.au/wp-content/uploads/cache/af449b902f134ca9d3e4e7ecfd9f3ec003e2da77.php on line 21
Insights 3 minutes read

NIST or The Essential 8: Which cyber risk management framework best suits your business?

As reliance on company data and technology increases, organisations must shore up their defences to ensure their critical assets are protected. We discuss two widely used frameworks to help you set the bar for a strong cyber security posture.
cyber-risk-framework-interactive-insights

Choosing the right cyber risk management framework

Across the world, organisations use validated cyber security risk management frameworks to help provide both credibility and assurance that they are making solid inroads towards a strong cyber posture.

Frameworks assist with communicating an immediate view of an organisation’s situation and their longer-term strategy.

While there are many different frameworks for assessing cyber security maturity, the two most common ones we see are the “Essential 8” from the Australian Government and the NIST framework from the US Government.

cyber-risk-framework-interactive-insights-internal

The NIST cyber security framework

For a complete set of control measures, many regulated organisations choose to use the NIST Cyber Security Framework from the US Department of Commerce.

This approach provides a comprehensive framework for assessing your current cyber maturity against a model which includes specific profiles for different industries.

Key Insight Unlike the Essential 8, NIST is sector or industry based rather than a more general assessment of threat.

The NIST assessment reporting provides you with a clear path to increase your information security maturity over time. To communicate this, the NIST framework refers to the following levels of maturity:

  1. Incomplete
  2. Initial
  3. Basic
  4. Defined
  5. Managed
  6. Optimised

Organisations can use this maturity path to understand what is needed to improve their cyber security maturity. At Interactive, we often recommend NIST to our cyber security customers as the right framework to understand what is needed to mitigate risks in their specific information security landscape. As your maturity develops, planning for, and mitigating, the type of attacks your organisation is likely to receive becomes key to your future success.

The Essential 8

Designed to protect Microsoft Windows-based internet-connected networks, the Essential Eight is the framework of choice for organisations whose infrastructure is largely based on the Windows™ operating system. The Essential 8 framework consists of four maturity levels. With the exception of Maturity Level Zero, each is based on mitigating increasing levels of adversary tradecraft (e.g. tools, tactics, techniques, and procedures) and targeting.

 

The four maturity levels are:

  1. Maturity Level Zero
  2. Maturity Level One
  3. Maturity Level Two
  4. Maturity Level Three

Each organisation utilising the needs to consider its own relevance and value to an external adversary. For example, if your data is highly valuable and would be of interest to external parties (e.g. bank details, identity details, innovation or design IP etc.) you are likely to be a target for a Maturity Level Three adversary and therefore your cyber posture needs to reflect this.

Emerging reforms to protect Australians from cyber attacks will also call for ‘critical infrastructure’ organisations to have a risk management program that is signed off by the Board. So, performing this early diagnostic with a clear map of your environment will ensure compliance is achieved in the short and longer term.

Preparation is key

Having the ability to communicate your approach and status at any time to a variety of stakeholders is critical. Utilising either the Essential 8 or NIST will help prepare you these conversations, while ensuring your organisation remains compliant with requirements from regulators and your customers.

To build a robust cyber risk management plan, contact the experts at Interactive today.

Cyber Security Framework Explained

Learn how you can effectively communicate your cyber security framework in a way so C-level and the Board understands.

Don't let procrastination leave you vulnerable

FORM HEADINF
Search by industry
  • All
  • Automotive and Logistics
  • Consumer Packaged Goods
  • Corporate
  • Financial Services
  • FMCG
  • Government
  • Healthcare
  • IT, Data and Software
  • Manufacturing
  • Media and Entertainment
  • Philanthropy and Volunteer
  • Real Estate
  • Retail
  • Superannuation
  • Travel