Cybersecurity

F&D Cybersecurity Assessment Methodology

We leverage a combination of established frameworks and standards, customized for your organization’s risks, needs and requirements, including:

• National Institute of Standards and Technology (NIST)
• Federal Information Security Management Act of 2002 (FISMA)
• Health Insurance Portability and Accountability Act (HIPAA)
• Healthcare Information Trust Alliance (HITRUST)
• Payment Card Industry (PCI) Security Standards Council
• Federal Financial Institutions Examination Council (FFIEC)
• SOC Examinations
• International Organization for Standards (ISO) 27001/2
• Control Objectives for Information and Related Technology (COBIT)

Understanding the NIST Framework

We utilize the industry-specific profiles of the National Institute of Standards and Technology (NIST) Cybersecurity Framework to assess the state of your cybersecurity. This framework was developed in 2014 in the wake of an Executive Order issued by President Obama, and it provides a set of industry standards and best practices to help organizations better manage cybersecurity risks.

The Framework consists of:

• 5 Core Functions (Identify, Protect, Detect, Respond, Recover)
• 22 categories within those functions
• 98 subcategories
• 4 tiers to determine current state maturity
• Profiles that are specific to industries