Patented Model Deconstructs the Complex Framework, Offering Rapid, Easy Implementation and Reporting
ARLINGTON, Va., Nov. 6, 2017 – Secure Systems Innovation Corporation (SSIC), a cyber risk advisory firm that empowers informed business decision making, is announcing the expanded application of X-Analytics™, its patented method for measuring and modeling cyber risk, for organizations adopting the National Institutes of Standard and Technology (NIST) Cyber Security Framework (CSF).
The May 11, 2017 Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure mandates federal agencies use the NIST Cyber Security Framework to establish and maintain an ongoing risk management program as a cybersecurity priority.
“Effective implementation of the NIST Cyber Security Framework requires an organization to interconnect the various layers and subcategories of the framework with enterprise risk management efforts, resulting in layers of complexity that strain broader adoption of the framework,” said Robert Vescio, managing director of risk services at SSIC. “X-Analytics offers organizations a seamless way to establish metrics and integrate with the framework, while easing their implementation burden and providing an objective and efficient approach to implementation.”
SSIC’s X-Analytics Cyber Risk Intelligence provides a complete, objective picture of enterprise cyber risk, now incorporating NIST CSF Core, Tier, and Profile elements. The model allows organizations to predict the likelihood and financial damages associated with a cyber attack, communicated in simple economic terms.
X-Analytics Simplifies, Prioritizes the NIST Framework
X-Analytics enables rapid adoption of the NIST framework in the following ways:
Alignment: SSIC has created a proprietary process that associates each of the subcategories to a strict NIST CSF tier definition. Organizations benefit from insight into their current profile status, as well as understand any gaps that may exist between their current profile and target profile.
Prioritization: Organizations can determine not only whether subcategories have been met, but also how they have been implemented. This can accelerate an organization’s ascension to their target tier.
Risk awareness: Leveraging X-Analytics’ data-aggregation capabilities, organizations have constant awareness of their risk profile and prioritized risk-remediation guidelines.
“Both private and public-sector organizations have been searching for metrics related to how the various NIST CSF components align with business objectives,” said Larry Clinton, president, Internet Security Alliance. “Any metrics-based approach must also bring forward a cost-effective and objective solution for prioritized NIST CSF implementation.”
Through SSIC’s partnership with TRU8 Solutions, X-Analytics for NIST is also available within the RSA Archer Platform and can be incorporated into an organization’s federal continuous diagnostics and mitigation (CDM) strategy, if applicable.
SSIC is holding a NIST CSF implementation workshop on Nov. 30, 2017, from 8:30 AM ET to 11 AM ET, at the National Press Club in Washington, D.C. that will teach participants how to optimize NIST CSF implementation through the adoption of the X-Analytics cyber risk model. Registration for the free event is available here.