Provider Spotlight: Lumen

At Lumen, we see many customers struggling with cybersecurity, especially those looking to improve their security posture by measuring themselves against a regulatory standard or framework. There are many frameworks to choose from, such as SOC 2, ISO 27001, NIST CSF, HIPAA, PCI DSS, HITRUST, COBIT, NIST 800-53, and NIST 800-171, but NIST is one of the most common frameworks, and knowing how we align with NIST is essential for sharing insight and providing value to our customers.

NIST Cybersecurity Framework

For those unfamiliar with it, the NIST Cybersecurity Framework is a voluntary set of standards, guidelines, and best practices that help organizations improve their cybersecurity posture.  It was developed by the US National Institute of Standards and Technology (NIST) based on existing standards, guidelines, and practices from various sources, including industry, academia, and government agencies.

Five key functions organize the NIST Framework: Identify, Protect, Detect, Respond, and Recover.

Aligning to a framework such as NIST enables organizations to baseline their current cybersecurity state, risk appetite, and tolerance, helping to map out and prioritize their appropriate goals and actions.

Note that the Framework does not prescribe specific solutions or technologies but provides a common language and structure for cybersecurity posture development and risk management.

The following is a simplified list of actions taken in each stage of the Framework:

  • Identify: Establish the organizational context, scope, roles, and responsibilities for cybersecurity risk management.  Identify the assets, systems, data, and resources that must be protected.  Assess the threats, vulnerabilities, impacts, and likelihoods of cyber incidents.  Determine the risk appetite and tolerance of the organization.  Develop a current profile that reflects the existing cybersecurity outcomes and activities.
  • Protect: Implement appropriate safeguards and controls to protect the identified assets, systems, data, and resources from unauthorized access, use, modification, or destruction.  Ensure the confidentiality, integrity, availability, and quality of information and services.  Train and educate the workforce on cybersecurity policies and procedures.  Maintain a backup and recovery plan for critical data and systems.
  • Detect: Implement appropriate tools and processes to monitor and detect anomalous or malicious activities on the network or systems.  Establish baselines and thresholds for normal operations and performance.  Analyze the data collected from various sources to identify potential threats or incidents.  Report and escalate any detected events or incidents according to predefined procedures.
  • Respond: Implement appropriate actions to contain, isolate, eradicate, or mitigate the impact of detected events or incidents.  Follow predefined incident response plans and procedures.  Coordinate with internal and external stakeholders, such as management, legal, law enforcement, or customers.  Communicate relevant information about the incident status, impact, actions taken, lessons learned, etc.
  • Recover: Implement appropriate actions to restore normal operations and services as soon as possible after an incident.  Assess the effectiveness of the response actions and identify any gaps or weaknesses.  Implement corrective actions or improvements based on the lessons learned from the incident.  Update the current profile to reflect any changes or enhancements in the cybersecurity outcomes or activities.

Now, you are probably asking yourself, what does this have to do with us, and how can we help customers better align to a framework like NIST?

As a global leader in providing network, cloud, and security solutions, combined with the visibility of Black Lotus Labs, we can give customers actionable insights and recommendations to improve their security posture, enhancing their ability to identify and protect their assets, detect and respond to cyber incidents, and recover from potential disruptions.

An Expert Partner You Can Trust

TruPoint partners can leverage our expertise and support in the way that makes the most sense for your business. Whether you lack internal expertise or need a true consultant for your customers’ telecom and IT services, you can rely on us to guide your customer to the right solution at the best possible price, every time.


We’re here to devote our experience and resources to you.

300+ leading industry providers.

150 combined years of industry experience.

Founded in 2009 after years spent in other telecom agencies.

Expand your business with our customized referral programs.

TruPoint is the strategic partner MSPs can trust to broaden their service portfolios and better serve their customers.
