2 min read

DeNexus launches DNX CSF! A new lightweight, evidence-based Cybersecurity Framework.

Featured Image

DeNexus launches DNX CSF: a new cybersecurity framework that solves the need for a lightweight, evidence-based Risk Assessment! 

After countless customer interactions discussing cyber risk and thousands of hours poring over the top cybersecurity frameworks and standards, DeNexus decided to take on the task of creating our own Cyber Security Framework, DNX CSF 1.0.  

Although NIST Cyber Security Framework (CSF) is widely adopted globally as a reference for defining functional cybersecurity, it does not include a simple set of questions that can quickly determine a level of conformance. Also, most frameworks do not consider automated versus manual assessments. 

Having simpler questions that can be answered faster with data is necessary for evidence-based data analytics Cyber Risk Quantification and Management platforms like DeNexus’ flagship DeRISK.

A new framework was necessary. A purpose-built, lightweight cybersecurity framework explicitly developed for Operational Technology (OT) / Industrial Control Systems (ICS) assessment purposes; one that’s easy to inform by both questions (interviewing people) and automated assessment (interviewing machines / leveraging telemetry) … and that’s how DNX CSF 1.0 was born!  

The DeNexus team took a methodical approach to the creation of the framework. DNX CSF aligns with the 23 categories of NIST CSF 1.1, including components of MITRE D3FEND, to produce outcome statements for the security controls that were tangible and easy for the user to understand. At the same time addressing OT cybersecurity and its unique differentiation from Information Technology (IT) systems and networks. 

 

What does the DNX CSF 1.0 Security Framework consist of?

Just like NIST CSF, the DNX CSF security controls can be grouped by category. We have a total of six (6) categories ranging from Governance to Vulnerability Management. Each category contains at least three (3) security controls. One major objective of this project was to ensure that each security control in DNX CSF was outcome-based to ensure the user could easily understand and answer the control. The security controls are simple language with a focus on clarity and low ambiguity.

DNX-CSF-2-1
Default image alt text
Default image alt text
Default image alt text
Default image alt text

We are very excited to incorporate DNX CSF 1.0 to DeRISK v.5.4 and for our customers to use the framework. DeRISK v5.4 also offers NIST CSF 1.1  and  ISO27001, and all of them map to each other, so organizations can use their framework of choice. For organizations that are just beginning their cybersecurity journey, they can begin with the simpler DNX CSF, and later expand to NIST CSF or other as they increase their maturity and experience. 

This is only the very first iteration of the new cybersecurity framework by DeNexus and we look forward to customer and industry feedback and learn from our peers to improve the next version of DNX CSF! 

Thank you to the entire DeNexus SME staff! 

 

                                             ______________________________________________________________

 

Find out more about DeRISK, a comprehensive Cyber Risk Quantification and Management platform!

Let Us Tell You More With A No-Pitch Consultation & Access The DeRISK Platform! 

                                                                                            

Cyber Risk Quantification and Management for Natural Gas Production

'CRQM for Natural Gas Production' is written by DeNexus' Director of OT Cybersecurity,  Donovan Tindill

Read More

Cyber Risk Quantification and Management for Electric Power Generation Systems

'Cyber Risk Quantification and Management for Electric Power Generation Systems' is written by DeNexus' Director of Cybersecurity,  Juan Carlos...

Read More

Cyber Risk Quantification and Management for Electric Transmission & Distribution Systems

'CRQM in Electric Transmission and Distribution Systems' is written by DeNexus' Director of Cybersecurity,  Juan Carlos Cortinas

Read More