An affordable risk assessment for small and medium businesses.

The NIST Cybersecurity Framework specifies a cyber risk assessment as part of implementation, one that evaluates the likelihood of threats and the impact they will have.  Our risk assessment meets these objectives by mapping a high-level business profile to cybercrime statistics across ten well-defined threat categories.

We also have a guide for small business executives that need a non-technical understanding of the NIST cybersecurity framework. The book illustrates the business principles behind cyber risk management, and then shows how those concepts map to the NIST Cybersecurity Framework.  It is great way to educate executives on their role in managing cyber risk.

FRAMEWORK REQUIREMENTS

ID.RA – Risk Assessment: The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.

  • ID.RA-1 – Asset vulnerabilities are identified and documented
  • ID.RA-2 – Cyber threat intelligence and vulnerability information is received from information sharing forums and sources
  • ID.RA-3 – Threats, both internal and external, are identified and documented
  • ID.RA-4 – Potential business impacts and likelihoods are identified
  • ID.RA-5 – Threats, vulnerabilities, likelihoods, and impacts are used to determine risk

A GUIDE TO THE FRAMEWORK

We pushed aside the technical jargon to explain the business decisions that make the difference between surviving and thriving in the face of rising cybercrime.

Cybersecurity: A Business Problem
A business approach to cyber risk management

Our guide gives business context to the NIST Cybersecurity Framework.