Cyber risk management has become a crucial component in the safe and sound operation of healthcare organizations. Instances of cybercrime, including fraud and information theft, have grown exponentially in recent years, and threaten the overall security and reputational risk of healthcare institutions.
Challenged by this reality, a large healthcare company required a clear picture of their current security program relative to the best practices outlined by the NIST Cybersecurity Framework.
PROTEUS’ CyberVigilance™ solution was selected to provide a gap analysis that mapped the company’s current infrastructure practices and security posture against the NIST controls and provide the appropriate guidance to effectively and proactively manage any discovered risks.
The NIST Cybersecurity Framework has received considerable attention since it was published in February 2014 by providing a risk-based approach for cybersecurity protection of critical infrastructure systems and functions at all levels. The framework offers a way to take a high-level, overarching view of a company’s cybersecurity risk and includes a collection of informative references, existing standards, guidelines and practices.
Cyber threats pose one the gravest national security dangers that the United States faces.
CyberVigilance™ security experts carried out a gap analysis against the NIST Cybersecurity Framework standards. This was an in-depth exercise to review the effectiveness of the company’s existing infrastructure and security controls while assessing their level of compliance with the standard.
This independent risk assessment involved interviews with key business and technical staff members, review of policies and procedures, identification of information assets and lines of responsibility for them, and review of existing controls.
At the conclusion of the assessment phase, our CyberVigilance™ information security and risk management specialists organized all of the collected data in order to further analyze the results from the gap analysis and compared them to the NIST Cybersecurity Framework standards.
Using the CyberVigilance™ report card format to identify score differences, we examined areas of concern for all hardware, operating system, and database deployment levels to further identify specific areas for improvement.
As a result of the analysis, significant differences between the NIST Cybersecurity Framework standard and the current capabilities of the company were discovered.
We reviewed our findings and recommendations with the key stakeholders in order to foster a dialogue to help the company align its tolerance for risk while prioritizing the implementation of the NIST Cybersecurity Framework standards.
Conveying this information helped the company prioritize the key issues in regards to upcoming budgeting and planning cycles and allowed them to examine where additional, more granular risk assessments and gap analysis should be performed.
Based on the findings CyberVigilance™ provided, the company was able to better understand the assessed variance within their infrastructure and security posture and gained immediate insight into quick win opportunities for improving their current practices.
The NIST Cybersecurity Framework was created with the realization that organizations needed high-level guidance for improving their cyber security defenses. This makes the framework well suited for any organization worried about ever evolving cyber threats.
CyberVigilance™ validated all NIST functions and categories and defined new subcategories aligned to the company’s capabilities, programs, and processes. Leveraging CyberVigilance™, the company was able to better determine their current and target security profile and determine their next steps to remediate the findings as they positioned themselves for future DoD Healthcare opportunities.
It is the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties
About PROTEUS Technologies
PROTEUS Technologies, LLC (PROTEUS), is a leading provider of high-end Cyber Solutions, SIGINT and Technology, Research & Innovation, and Embedded Engineering software services to the Intelligence Community, Federal Executive Departments, HealthCare, and Commercial Industries. PROTEUS has a proven track record of excellence and commitment to client mission success. PROTEUS Headquarters is located in Annapolis Junction, MD with satellite offices in Columbia, MD, and is the 2010 winner of the prestigious DoD Nunn-Perry Award winner, multiple annual Baltimore Business Journal “Best Places to Work” awards, and the most recent Corporate America Software & Technology Award Winner for Innovation in Software/Systems Engineering.