DeNexus launches DNX CSF: a new cybersecurity framework that solves the need for a lightweight, evidence-based Risk Assessment!
After countless customer interactions discussing cyber risk and thousands of hours poring over the top cybersecurity frameworks and standards, DeNexus decided to take on the task of creating our own Cyber Security Framework, DNX CSF 1.0.
Although the NIST Cyber Security Framework (CSF) is widely adopted globally as a reference for defining functional cybersecurity, it does not include a simple set of questions that can quickly determine a level of conformance. Also, most frameworks do not consider automated versus manual assessments.
Having simpler questions that can be answered faster with data is necessary for evidence-based data analytics Cyber Risk Quantification and Management platforms like DeNexus’ flagship DeRISK.
A new framework was necessary. A purpose-built, lightweight cybersecurity framework explicitly developed for Operational Technology (OT) / Industrial Control Systems (ICS) assessment purposes; one that’s easy to inform by both questions (interviewing people) and automated assessment (interviewing machines / leveraging telemetry) … and that’s how DNX CSF 1.0 was born!
The DeNexus team took a methodical approach to the creation of the framework. DNX CSF aligns with the 23 categories of NIST CSF 1.1, including components of MITRE D3FEND, to produce outcome statements for the security controls that were tangible and easy for the user to understand, while at the same time addressing OT cybersecurity and its unique differentiation from Information Technology (IT) systems and networks.
What does the DNX CSF 1.0 Security Framework consist of?
Just like NIST CSF, the DNX CSF security controls can be grouped by category. We have a total of six (6) categories ranging from Governance to Vulnerability Management. Each category contains at least three (3) security controls. One major objective of this project was to ensure that each security control in DNX CSF was outcome-based so that the user could easily understand and answer the control. The security controls use simple language with a focus on clarity and low ambiguity.
We are very excited to incorporate DNX CSF 1.0 into DeRISK v.5.4 and for our customers to use the framework. DeRISK v5.4 also offers NIST CSF 1.1 and ISO27001, and all of them map to each other, so organizations can use their framework of choice. Organizations that are just beginning their cybersecurity journey can begin with the simpler DNX CSF, and later expand to NIST CSF or another framework as they increase their maturity and experience.
This is only the very first iteration of the new cybersecurity framework by DeNexus, and we look forward to customer and industry feedback and to learning from our peers to improve the next version of DNX CSF!