How can I apply the NIST Framework to my firm's Cybersecurity Policies?

Learn more about the NIST Framework and how you can utilize it to improve your current cybersecurity policies.

NIST is the acronym for the National Institute of Standards and Technology, a government agency within the U.S. Department of Commerce that fosters cybersecurity research, education, and collaboration. As part of that effort, NIST has developed a cybersecurity framework to help organizations of all sizes to identify, assess, and manage cybersecurity risks. Notably, the Securities and Exchange Commission ("SEC") not only utilizes the NIST framework to help manage its own cybersecurity program, but has also commonly referenced the framework when issuing information security guidance to investment advisers. As such, NIST is particularly relevant to a registered investment adviser ("RIA") firm.

Advisory firms should consider incorporating the framework when establishing information security policies and procedures.

The NIST framework focuses on five functions: Identify, Protect, Detect, Respond, and Recover. Each of these five functions is broken out further into specific categories, which we have more information on here.

Identify: Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.

Protect: Develop and implement appropriate safeguards to ensure delivery of critical services.

Detect: Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.

Respond: Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.

Recover: Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.

TIP: Your employees pose one of the greatest threats to your firm's cybersecurity, so educating and training your staff should be one of the highest priorities.

Our RIA cybersecurity platform includes online NIST framework training as part of its security awareness training capability.
