IT Security

International IT house follows a risk based approach to design, implement and maintain security infrastructure for customers.

On February 2014, National institute of standards and technology (NIST) released a Framework for Improving Critical Infrastructure Cybersecurity also known as NIST cybersecurity framework. Focusing on the high impact risks, NIST framework categorizes five key framework functions needed to drive a comprehensive cybersecurity program:

  • Identifying risks to resources supporting critical functions
  • Protecting these resources and limiting the impact of cybersecurity events
  • Detecting incidents that have occurred
  • Responding to the detection of events
  • Recovering following response procedures

 

Each function places heavy reliance on the development of those preceding it

  • You cannot protect your environment correctly without first identifying your key systems and the risks faced by each
  • You cannot to respond to events if you have not first implemented proper measures to detect them

 

Each function has several categories subdividing them into more detailed groups of activities

 

NIST-Cyber-Framework-2-695x437

 

NIST framework is composed of three parts

  • Framework Core
    • Set of activities, desired outcomes, and applicable references (e.g., ISO, NIST 800-53)
    • Consists of five functions: Identify, Protect, Detect, Respond, Recover
      • Identifies key categories for each function
    • Framework Implementation Tiers
      • Characterize cybersecurity practices over a range from Partial (Tier 1) to Adaptive (Tier 4)
      • Provide context on how an organization views cybersecurity risk
    • Framework Profiles
      • Used to identify opportunities to improve cybersecurity posture by comparing a Current profile (“as is” state) to a Target profile (“to be” state)
      • Supports prioritization and measurement of progress towards Target profile

 

Using NIST Framework to address security concerns Allows organizations to:

  • Describe current cybersecurity posture
  • Describe target state for cybersecurity
  • Identify and prioritize opportunities for improvement
  • Assess progress towards target state
  • Communicate using common language among internal and external stakeholders about cybersecurity risk

 

NIST Framework Complements, does not replace, risk management processes, Organizations without cybersecurity programs can use Framework as reference to establish one.

Due to comprehensive addressing of security concerns and above points along with many other benefits, International IT house has decided to use NIST cybersecurity framework as a guideline for implementing security structure, providing custom solutions to maximize data and communication security in full to suit the clients’ level of protection and to fit in their budget.

International IT house provides below services in accordance to five key functions of NIST framework to design security environments.

  • Cybersecurity Software
  • Hardware Appliances
  • Compliance audit
  • Vulnerability assessment
  • Security reports
  • High availability and disaster recovery solutions