Cybersecurity Program

The document outlines BioHuman's cybersecurity program. It discusses complying with regulations, choosing the NIST cybersecurity framework, identifying critical assets like information systems, and protecting these assets. The approach uses risk-based strategies to discover, assess, and rank risks in order to customize cybersecurity protections for the organization.

Contents

Regulations/Compliance and Business Requirements
Cybersecurity Framework
    The National Institute of Standards and Technology (NIST) Cybersecurity Framework
    Justification for the Choice of Framework
Critical Assets and Processes
    How and Why the Critical Assets and Processes Need To Be Protected
Cybersecurity Approach
References
Regulations/Compliance and Business Requirements

In order to monitor and evaluate systems, devices, and networks to make sure they abide by legal provisions, along with domestic and international cybersecurity standards, BioHuman will carry out cybersecurity oversight functions. Being out of compliance carries risks that could expose the company and its clients to cyberattacks, intrusions, and penalties from governing bodies. Because of this, it’s critical for BioHuman to handle security compliance. Cybersecurity compliance requires BioHuman to adhere to a number of procedures put in place by governing agencies, the government, and the business community to safeguard the privacy, availability, and integrity of information. Utilizing a variety of distinct organizational procedures and technological tools to protect data is often required to meet regulatory requirements (Harris & Martin, 2019).

To avoid intrusions, BioHuman must make smart choices. To achieve this outcome, it must be able to identify an attack’s warning indications as well as its strategies, guidelines, and approaches, utilizing established markers as a guide. Utilizing these signs, context, and practical insights to identify current and potential risks to corporate assets is known as threat intelligence. The information offered is evidence-based and gives decision-makers the tools they need to make wise choices as soon as a cyber-incident occurs (Harris & Martin, 2019). The threat will be contextualized by flaws like unprotected organizational credentials, potentially unwanted programs, hardware setups, or company operational strategies. The knowledge required to properly deal with cybersecurity issues will be provided by identifying the unintentional or intentional actions of a specific team member (Li et al., 2019).

Cybersecurity Framework

The National Institute of Standards and Technology (NIST) Cybersecurity Framework

The NIST framework is broken down into five major functions:

1. Identify

In order to effectively manage cybersecurity risk to technologies, resources, knowledge, and competencies, the Framework’s function requires that corporate expertise be developed. The organization is the primary priority, particularly considering the available resources and how it pertains to risk management activities (NIST, 2022).

2. Protect

Since the Framework’s goal is to create and put in place suitable mechanisms to guarantee the supply of vital infrastructure functions, this component is crucial. A possible cybersecurity event’s consequences can be limited or contained with the help of the Protect feature (NIST, 2022).

3. Detect

To perform this role, the required activities must be developed and put into place in order to detect the existence of a cybersecurity incident. This makes it possible to quickly uncover cybersecurity occurrences. A cybersecurity event’s effects might be lessened more quickly the sooner it is discovered (NIST, 2022).

4. Respond

According to NIST, this operation is focused on creating and putting into practice the proper responses to a discovered cybersecurity event. To guarantee that the cybersecurity strategy has improved performance, the role uses reaction preparation, assessment, and remediation actions (NIST, 2022).

5. Recover

This is described by NIST as the requirement to create and put into action the proper procedures to sustain strategies for endurance and recover any affected functionalities or services as a result of a cyber-incident. To lessen the effect of a catastrophic occurrence, the feature facilitates a prompt return to regular activities (NIST, 2022).

Justification for the Choice of Framework

The Guideline for Strengthening cybersecurity infrastructure, as provided by the National Institute of Standards and Technology (NIST), will guarantee that BioHuman is guided in creating and implementing a comprehensive cybersecurity strategy that is in line with the organization’s particular business requirements and strategic objectives. The approach will offer a collection of best practices and compliance requirements focused on addressing cybersecurity risks efficiently (NIST, 2022). The cybersecurity program needs to change depending on the sorts of data being safeguarded and the specifics. The National Institute of Standards and Technology (NIST) framework will be a crucial element of information assurance. This will call for oversight among all BioHuman’s employees, information systems, and business procedures (NIST, 2022). This proposed model will provide the decision-makers with the strategy they need to respond to a disruptive event without any mistakes or wait. The NIST framework’s coverage will include all operating procedures, individuals from within the business, third-party providers, and hardware connected to the enterprise’s cybersecurity infrastructure (NIST, 2022).

Critical Assets and Processes

The organizational resources that are crucial to sustaining business functions and attaining the company’s objectives are influenced by its critical assets (CISA, 2022). The individuals make up the first group of assets. These people include customers, visitors, vendors, contractors, and workers. IT systems, communication systems, and network infrastructure are examples of technology assets. Information assets include confidential or private information used in trade. Houses, automobiles, and equipment are examples of facilities and equipment. Processes include the supply chain, whereas systems include Intrusion Detection and Prevention Systems, alarm systems, and smoke detectors.

When arranged in order of priority, the critical assets will be listed as:

1. Information systems
2. Technology assets
3. People assets
4. Facilities and equipment

How and Why the Critical Assets and Processes Need To Be Protected

The assets are classified as critical because normal operational processes cannot go on within the organization without them (CISA, 2022). It is for this reason that they have to be secured. A compromise of the critical assets will either slow down or even stop operations, resulting in significant financial and market losses. Creating a suitable cybersecurity policy will be the first step in securing critical resources. Threats and exposures will be taken into account, and a robust cybersecurity policy will offer thorough coverage of the company’s systems and resources (CISA, 2022). There will be different cybersecurity policies to address issue-specific aspects of the organization’s infrastructure. For example, there will be a Shadow IT policy to address how BioHuman’s employees utilize the organization’s Information and Technology resources. It will also be critical to provide physical security to protect the physical resources such as the buildings and equipment. The data and information systems will be secured by encryption, regular backups, and proper access control (CISA, 2022).

Cybersecurity Approach

To defend against cyber intrusions, BioHuman will use architectures, procedures, and safeguards on its architectures, systems, applications, equipment, and information. This strategy is intended to minimize the chances of intrusions and safeguard against the illegal use of technology solutions, communication systems, and software applications (Ben Fredj et al., 2020). As a result, the firm will use a risk-based strategy. This will be done in a methodical way to discover, assess, and rank the firm’s cybersecurity risks. The firm will be in a position to customize its cybersecurity strategy using this technique to meet its unique corporate requirements and technical limitations.

A business impact analysis will assist BioHuman in the identification, documentation, evaluation, and ranking of the firm’s important corporate procedures and their structural relationships. Risks, security flaws, and legislative considerations pertaining to the operational processes and underpinning relationships of the firm will be identified through a risk assessment (Li et al., 2019). After that, it will determine probable repercussions if such concerns materialize and generate a risk output number. The organization will next acknowledge the intolerable risks and decide which safeguards to define, modify, put into place, and allocate accountability for.
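The risk-based procedure above (score each risk, rank it, flag the intolerable ones, and assign a safeguard and an accountable owner) carried through in code, as an added illustration that is not part of the BioHuman paper. The 1-5 scales, the likelihood × impact formula, the tolerance threshold, and the sample register are constructed assumptions; only the asset priority order comes from the page.

```python
"""Minimal risk register following the paper's risk-based approach (added example)."""
from dataclasses import dataclass

# Asset classes in the priority order the paper lists (1 = most critical).
# Used only to break ties between risks with the same risk output number.
ASSET_PRIORITY = {
    "Information systems": 1,
    "Technology assets": 2,
    "People assets": 3,
    "Facilities and equipment": 4,
}
TOLERANCE = 9  # assumed: a risk output number above this is intolerable

@dataclass
class Risk:
    name: str
    asset_class: str
    likelihood: int   # assumed 1-5 scale from the risk assessment
    impact: int       # assumed 1-5 scale from the business impact analysis
    safeguard: str = ""
    owner: str = ""

    @property
    def score(self) -> int:
        """The 'risk output number': likelihood x impact (assumed formula)."""
        return self.likelihood * self.impact

def rank_risks(risks):
    """Highest score first; equal scores ordered by the paper's asset priority."""
    return sorted(risks, key=lambda r: (-r.score, ASSET_PRIORITY[r.asset_class]))

def intolerable(risks, tolerance=TOLERANCE):
    """Risks above tolerance, which must each get a safeguard and an owner."""
    return [r for r in rank_risks(risks) if r.score > tolerance]

def missing_accountability(risks):
    """Names of intolerable risks still lacking a safeguard or an accountable owner."""
    return [r.name for r in intolerable(risks) if not (r.safeguard and r.owner)]

# Constructed sample register; not data from the paper.
SAMPLE = [
    Risk("Unprotected admin credentials", "Information systems", 4, 5, "MFA and vaulting", "IT Security"),
    Risk("Unsanctioned SaaS (shadow IT)", "Technology assets", 4, 3),
    Risk("Phishing of staff", "People assets", 5, 3, "Awareness training", "HR"),
    Risk("Data centre fire", "Facilities and equipment", 1, 5, "Smoke detection", "Facilities"),
    Risk("Unencrypted backups", "Information systems", 3, 4),
]

if __name__ == "__main__":
    for r in rank_risks(SAMPLE):
        print(f"{r.score:2d}  {r.name}  [{r.asset_class}]")
    print("needs safeguard/owner:", missing_accountability(SAMPLE))
```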
References

Ben Fredj, O., Mihoub, A., Krichen, M., Cheikhrouhou, O., & Derhab, A. (2020, November). CyberSecurity attack prediction: A deep learning approach. In 13th International Conference on Security of Information and Networks (pp. 1-6).

CISA. (2022). Protect Assets | CISA. The Cybersecurity and Infrastructure Security Agency. Retrieved June 27, 2022, from https://www.cisa.gov/protect-assets

Harris, M. A., & Martin, R. (2019). Promoting cybersecurity compliance. In Cybersecurity education for awareness and compliance (pp. 54-71). IGI Global.

Li, L., He, W., Xu, L., Ash, I., Anwar, M., & Yuan, X. (2019). Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior. International Journal of Information Management, 45, 13-24.

NIST. (2022, June 8). Cybersecurity. The National Institute of Standards and Technology. Retrieved June 27, 2022, from https://www.nist.gov/cybersecurity