NIST Implementation
Since 2002, URM can support your organisation by assisting with each of the 7-step CSF implementation process or specific steps as follows:
Step 1 – Prioritise and scope. The first step is to identify your business objectives and high-level priorities. This information helps inform the scope of the systems and assets which support the business processes, as well as making strategic decisions concerning cybersecurity implementation. It is crucial that all of your critical systems and assets are identified so that their protection can be prioritised.
Step 2 – Orient. After defining the scope of your cybersecurity programme, URM will assist you in identifying the relevant systems and assets, regulatory requirements and the overall risk approach. This is followed by the identification of threats and vulnerabilities which relate to the systems and assets identified in the scope.
Step 3 – Create a current profile. With this step you need to identify your current profile specifying what security controls have been implemented and what outcomes have been achieved. When looking at the outcomes, you will need to use the Categories and Subcategories from the Framework Core to define which outcomes are being fully or partially achieved. This baseline will help you plan the next steps.
Step 4 – Conduct a risk assessment. Having created a current profile, URM will help you conduct a risk assessment analysing the impact and likelihood of a cybersecurity breach.
Step 5 – Create a target profile. You will now be in a position to create a Target Profile. Here, URM will support you focussing on your Categories and Subcategories and setting targets for your desired cybersecurity outcomes incorporating your organisation’s risk appetite.
Step 6 – Determine, analyse and prioritise gaps. This step includes the creation of a prioritised action plan to close the control gaps between your Current and Target Profiles, reflecting your organisation’s drivers, costs, benefits and risks. You will also need to decide on what resources will be needed to close the gaps.
Step 7 – Implement action plan. Having set priorities for addressing gaps between your Current and Target Profiles, it is now a case of implementing security controls and control activities in order to achieve the target profile. The target profile comprises 108 Subcategories which are outcome-driven statements that reflect the improvement of your organisation’s cybersecurity programme.
Get in touch
Please note, we can only process business email addresses.
Why URM?
Risk Management Expertise
Since 2002, URM has been developing and refining its risk assessment methodologies and processes to address the requirements of international standards and has developed a suite of purpose-designed risk management software products (Abriska).
Experience and Competence
URM is not only experienced in assisting organisations comply with the SWIFT CSCF, but also with PCI DSS, ISO 27001/ISO 27002 and NIST SP 800-53, the main standards against which the CSCF controls are mapped. URM has been involved in assisting hundreds of organisations comply with these standards and will ensure you fully leverage any artefacts gained in complying with these standards as part of your CSCF attestation.
Qualified Assessors
URM’s assessors have attained the required industry relevant professional certifications, e.g., PCI QSA, ISO 27001 lead auditors, CISA.
Company Accreditations
In addition to its 20 years’ experience of delivering practical solutions in the governance, risk and compliance (GRC) space, URM provides reassurance through its own certification to ISO 27001, ISO 22301 and Cyber Essentials Plus, as well as being a CREST-accredited penetration testing organisation.
A Guide to the Certificate in Information Security Management Principles (CISMP)
URM’s blog discusses everything you need to know about the CISMP, including its benefits, who it’s suited to, the topics the CISMP covers, and more.
URM’s blog discusses the common pitfalls of the ISO 27001 implementation and certification process, and how you can avoid making the same mistakes.
URM’s blog drills down into ISO 27001 audits, offering advice on how to effectively develop and implement an ISO 27001 conformant audit programme.
URM’s blog provides advice and guidance on how you can meet the ISO 27001 requirements around interested parties and their needs and expectations.