Title: Comprehensive Guide to Developing and Implementing a Cybersecurity Plan
Edition: Second
Author for citation: Shawn E. Douglas
License for content: Creative Commons Attribution-ShareAlike 4.0 International
Publication date: March 2023
Look across the internet and you will find a wealth of information about cybersecurity and the cybersecurity plan. However, much of that information is either disparate or, if comprehensive, difficult to access or expensive to acquire. In particular, a walk-through of the various steps involved with how an organization or individual develops, enforces, and maintains a cybersecurity plan is difficult to come by. This guide attempts to fill that gap, including not only a 10-step walk-through but also insight into regulations, standards, and cybersecurity standards frameworks, as well as how they all fit together with cybersecurity planning. Additionally, this document provides access to An Example Cybersecurity Plan, a companion document that provides a representative example of the 10-step walk-through put to use. This guide also includes a slightly simplified version of many of the security controls found in the National Institute of Standards and Technology's (NIST) Special Publication 800-53, Rev. 5, with additional resources to provide context, and mappings to LIMSpec, an evolving set of specifications for laboratory informatics solutions and their development. The guide attempts to be helpful to most any organization attempting to navigate the challenges of cybersecurity planning, with a slight bias towards laboratories implementing and updating information systems.
The second edition updates citations, statistics, and grammar. The first edition was released months before NIST updated SP 800-53 from Rev. 4 to Rev. 5; this edition is revised throughout, including Appendix 1, to reflect the changes introduced in Rev. 5.
The table of contents for Comprehensive Guide to Developing and Implementing a Cybersecurity Plan is as follows:
1. What is a cybersecurity plan and why do you need it?
2. What are the major regulations and standards dictating cybersecurity action?
3. Fitting a cybersecurity standards framework into a cybersecurity plan
4. NIST Special Publication 800-53, Revision 5 and the NIST Cybersecurity Framework
5. Develop and create the cybersecurity plan
Appendix 1. A simplified description of NIST Special Publication 800-53 controls, with ties to LIMSpec