SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Story image
Expel unveils updated cybersecurity toolkit aligning with NIST CSF 2.0
Thu, 21st Mar 2024

Expel, a front-runner in managed detection and response (MDR) services, has unveiled an updated version of its 'National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) Getting Started' toolkit, aligning with the newly introduced version 2.0 of the NIST CSF. Comprising a user-friendly guide and a self-scoring spreadsheet, the enhanced kit is designed to assist security officers and operators examine their cybersecurity positions.

The NIST CSF has been pivotal over the past decade in aiding companies in evaluating their cybersecurity readiness and pinpointing areas for improvement. The latest 2.0 version broadens these foundations.

Greg Notch, Chief Information Security Officer at Expel, expressed his perspective: "Even the strongest security programmes have room for improvement. Our NIST CSF kit makes it easy for security teams to understand the latest updates to the framework. It provides up-to-date resources to better understand how their programmes and controls rate across critical security functions."

Recent research by the SANS Institute, sponsored by Expel, indicated that nearly three out of four businesses (74%) are utilising a framework using the NIST CSF. Moreover, the 2.0 version of the frameworks brings in a fresh 'Govern' function, enhancing understanding of how to prioritise investments for improving risk posture across the CSF's other areas: Identify, Protect, Detect, Response, and Recover. The latest update also incorporates 'Framework Tiers', outlining the usual rigour of cybersecurity risk governance and management practices across an organisation.

The revamped guide from Expel helps security leaders and operators comprehend the framework and decode its functions, categories, subcategories, and tiers. The accompanying self-scoring spreadsheet lets users assess their present, future, and goal states for each outcome in the CSF and provides lucid charts for resource allocation guidance.

Clarifying the user-friendliness of the NIST CSF recommendations, Notch added: "The recommendations in the NIST CSF are designed to be easy to understand and implement, but can seem intimidating to those folks who are assessing their organisations with it for the first time."

"This kit makes it simple for teams to complete their initial assessments using the new framework in just a couple of hours. More importantly, it sets up teams to conduct future assessments at regular intervals so they can focus on continuous improvement," said Notch. 

After launching easy-to-use mind maps for SOC teams earlier in the year, Expel is offering these resources to the wider cybersecurity community to enhance business protection. As cybersecurity threats evolve, staying ahead requires proactive measures and constant evaluation of security frameworks. 

With the launch of the updated NIST CSF Getting Started toolkit, Expel is empowering security teams to fortify their defences efficiently. By simplifying the complexities of cybersecurity assessment and providing practical guidance, Expel is not just offering a toolkit but fostering a culture of continuous improvement within organisations.

As businesses navigate the ever-changing landscape of digital threats, tools like these serve as invaluable assets in safeguarding against potential risks and ensuring resilience in the face of adversity.