ClearArmor CSRP - 01.01
SOFTWARE BASED VULNERABILITIES
CyberSecurity is a Business Issue, not a Technology Issue
CyberSecurity is not just about reacting. It includes Risk Management, Audit, Compliance, and training. It also requires continuous attention to Cyber Hygiene. CyberSecurity requires continuous measurement, monitoring, and remediation. Is your organization reactive or proactive? Move to proactive CyberSecurity.
To comply with the intent of the NIST CyberSecurity Framework (CSF), Cyber Hygiene is a requirement. Complying with NIST 800-53, 800-171, DFARS, NY State DFS Part 500, and a plethora of other frameworks and compliance guidelines requires continuous risk reduction through vulnerability remediation. ClearArmor CyberSecurity Resource Planning (CSRP) enables your organization to meet those requirements.
1. CYBER RISK REDUCTION SERIES
01.01 SOFTWARE BASED VULNERABILITIES
Overview
Organizations continuously face risk rooted in an increasing and evolving set of threat vectors. These threat vectors aggregate to create an overall attack surface area. Reducing the underlying vulnerabilities results in a reduced attack surface area. This reduction limits adversaries’ ability to exploit vulnerabilities and impact what your organization has identified as valuable.
ClearArmor™ Corporation
519 Easton Rd.
Riegelsville, PA 18077
info@cleararmor.com
http://www.cleararmor.com
+1-(610) 816-0101
Step 1 – Accept that no sustainable risk reduction is possible without a structured CyberSecurity program. That program must be based on a recognized standard. The most accepted standard is the NIST CyberSecurity Framework (CSF).
Step 1 - Structure and Standards are foundational to CyberSecurity
Step 2 – A structured CyberSecurity program requires process, technology, and governance. ClearArmor CyberSecurity Resource Planning (CSRP) is the only solution that truly aligns organizations to the NIST CSF. This is achieved by ClearArmor’s Momentum Methodology (M2) and the Intelligent CyberSecurity Platform (ICSP).
Step 2 - Process, Technology, and Governance are foundational to CyberSecurity
Step 3 – Assign Ownership to all NIST CSF Functions, Categories, and Sub-Categories. These are the ‘Things’ that organizations must do to ensure ‘CyberSecurity’. Ownership requires a Responsible Role (Responsible for Doing) and an Accountable Role (Responsible for Auditing). By assigning ownership, organizations are able to comply with guidance provided by the NIST CSF.
Step 3 - Assignment of Accountable and Responsible Roles is foundational to CyberSecurity
Step 4 – Policy: establish your organization’s software patching and upgrade policy. A subset of this will include maximum durations for remediations to reach production, testing guidance, and methods to distribute software patches.
Step 4 – Creation of clearly defined policy is foundational to CyberSecurity