Develop tools and training to assist business owners with securing their information and information systems by gauging and mitigating risk.
The Internet is fundamentally insecure. However, there are simple things you can do to protect yourself and your information. Learn what they are in NOVA's Cybersecurity Lab.
Cybersecurity is more art than science. Its balancing security-related restrictions with technological optimization. It is the art of being one step ahead of bad actors while having plenty of room for creativity, workflow and innovation.
An IT Security Manager once joked, "If I'm doing my job, you won't be able to do yours." Its a true statement and, unfortunately, a very common myopic view shared by many in the IT field, who feel they MUST lock systems down without consideration of its users. But there must be a balance.
The balance is found in understanding and excepting the amount of risk inherent in your system. Can any system be made 100% secure? No, of course not. The National Institute of Standards and Technology (NIST) has developed the Risk Management Framework (RMF) that consists of standards, guidelines and best practices to manage cybersecurity-related risk.
RMF consists of 18 families of security controls. Within each family, depending on the type of data and level of security, there may be dozens of individual controls relating to policy, processes and audits of information systems and networking devices.
When all told, hundreds of controls may be identified for the IT system and must be assessed. The compiled assessment of these controls will indicate a level of risk.
Within RMF guidelines, SmartCIO is focused on developing tests, training and analysis to help system owners gauge and mitigate risk on their Information Systems.
For more information on RMF click here.