Cyber Security

You are here

Cyberattacks targeting organizations continue to escalate in frequency and sophistication. Recent cyber breaches and events have significantly increased the attention and focus on cyber risk management, and compelled more organizations to understand their current level of cybersecurity preparedness and the level of effort required to satisfactorily address current and emerging cyber threats.

To help all industries address these rising threats, the National Institute of Standards and Technology (NIST) issued the Framework for Improving Critical Infrastructure Cyber Security, also referred to as the NIST Cyber Security Framework. The intent of the NIST Cyber Security Framework, created through collaboration between industry and government, is to provide high-level guidance around information protection standards and best practices to help critical infrastructure, including the Healthcare and Public Health Sector, manage cybersecurity risk consistently and effectively. NIST recommends organizations evaluate and incorporate the requirements and guidance outlined in the NIST Cyber Security Framework in the context of their overall information protection requirements. Organizations should add those necessary industry or sector-specific requirements (e.g., regulations, policies, best practices) to ensure information is adequately protected and cyber risk is properly controlled. This is an important element, as the NIST Cyber Security Framework was not intended to be implemented without development of appropriate industry and organization specific requirements.

The HITRUST Risk Management Framework (RMF)—consisting of the HITRUST CSF, HITRUST CSF Assurance and supporting methods and tools—provides a harmonized set of reasonable and appropriate safeguards specifically designed to address healthcare-related information security and privacy threats, satisfy due diligence and due care requirements for the adequate protection of sensitive information. The HITRUST RMF also provides a standard, consistent means of sharing information security and privacy risk information with internal and external stakeholders, such as executive management, regulators and business partners. It also ensures compliance with relevant regulatory and other best practice requirements, such as HIPAA, CMS, PCI-DSS, various ISO and NIST standards including the Cyber Security Framework.

The Risk Management Framework (RMF) is the “common information security framework” for the federal government and its contractors. The stated goals of RMF are:

  1. To improve information security
  2. To strengthen risk management processes
  3. To encourage reciprocity among federal agencies

RMF effectively transforms traditional Certification and Accreditation (C&A) programs into a six-step life cycle process consisting of:

  1. Categorization of information systems
  2. Selection of security controls
  3. Implementation of security controls
  4. Assessment of security controls
  5. Authorization of information systems
  6. Monitoring of security controls

The NYSA team has experience with implementing cybersecurity process based on the new Risk Managment Framework for the DoD, Federal Agencies, Commercial and healthcare industries. Members of the NYSA team are certified Healthcare CISSP (HCISSP) and full trained in the HiTrust Risk Management Framework.


NYSA LLC is a boutique IT consulting firm based in Rockville, Maryland. NYSA is Greek and it means "a new beginning". NYSA is a small disadvantaged minority own enterprise. We provide specialized solutions in web application development, cyber security, IT infrastructure modernization and strategic IT solutions. NYSA operates based on a very lean structure where decisions are made effectively and swiftly. The company employs an agile methodology in its operation and crafting of IT solutions.

Layout Style


Predefined Colors