COMPLIANCE AND AUDIT
The potential of an undesirable or unfavorable outcome resulting from a weakness or gap that has been exploited by threats due to a given action, activity and/or inaction.
When establishing an effective cybersecurity program, selecting an appropriate framework for guidance is an important initial step to putting your organization on a roadmap to success. Whether you operate in a regulated or non-regulated industry, these frameworks provide guidance for making the best decisions for you. The National Institute of Standards and Technology (NIST) has established several variants of frameworks that are tuned to the needs of your industry and maturity level.
While The Mako Group assists organizations with many of the 800 series publications, some stand out as being more commonly used in the marketplace. NIST 800-53 is a framework designed for security controls and assessment procedures for federal information systems and organizations. NIST 800-171 is a framework designed for protecting controlled unclassified information in nonfederal systems and organizations. Regardless of which framework applies to your organization, The Mako Group can help you navigate the waters of understanding, interpreting and implementing the controls within your environment.
Initially, The Mako Group will meet with your stakeholders to help determine the appropriate framework for your organization (if necessary). Once determined, our senior-level staff will work closely with your information security and IT staff to understand your unique environment and infrastructure. Through evaluation of your existing policies, procedures and controls, The Mako Group will assess each control from the NIST 800 series framework to establish a risk rating. This rating is calculated using The Mako Group’s proprietary risk rating methodology, which is based on likelihood, impact and the compensating controls in place. With this knowledge, The Mako Group will then assist stakeholders in understanding where risk is highest and provide solutions for mitigating each finding. The end result is a clear picture of where your organization stands, where it needs to be, and a roadmap to get there.