The company I ran before Cybernance developed all of the underlying algorithms for the TSA's terrorist screening program.
Equifax is today’s poster child for management teams and boards.
What happened was they used a particular web server technology to roll out a new product offering into the marketplace.
However, the product was released without adequately patching and protecting the web service.
Equifax testified before Congress that they found the person responsible and fired him.
Let me tell you that this was not an individual one-person screw-up - that’s not possible.
That’s why we have policies and procedures within companies.
What is the NIST Standard?
How does Cybernance help companies comply with NIST?
The secret to NIST's success is that these standards are not mandatory but highly recommended.
We based our company on automating the NIST framework through software.
It’s made up of about 80+ questions that result in about 400 control points within an organization.
We ask things like: Do you have a policy for this?
Is that policy reviewed quarterly, annually?
Is there an approval process?
Do you have the following responses?
Do the results give recommendations to improve compliance?
Along with listing the discovered risks relative to the NIST standard, we recommend corrective actions ranked by priority.
Our software also generates what you might call a score.
However, it may not really be indicative of your particular cybersecurity risk.
And they will never see that coming because of their high score.
The score is also helpful if you want to know where your company stands compared to your peers.
or if you gotta do more work.
We submitted our product for review by the Department of Homeland Security’s Safety Act office.