The Cybersecurity Framework is a guidance for organizations that was created by the National Institute of Standards and Technology (NIST) for reducing cybersecurity risk. NIST designed this framework with direction from the White House as a “common language” for cybersecurity risk management with the goal of making it easily understood by people will all levels of cybersecurity knowledge. This framework was initially created for use by companies that are a part of the U.S. critical infrastructure, but many organizations in the private and public sector have begun using the approach.
There are five functions to the Cybersecurity Framework: Identify, Protect, Detect, Respond, and Recover. The five functions are the highest-level view of what the Framework does and the basis of enabling management decisions.
Identify
The Identify Function’s main purpose is to help an organization manage cybersecurity risks to people, systems, data, assets and capabilities. An organization needs to understand which resources support critical functions and the related cybersecurity risks. This enables them to create a strategy that protects the assets that allow them to function at a basic level.
Examples of outcome categories within this Function include (copied from the NIST website):
- Identifying physical and software assets within the organization to establish the basis of an Asset Management program
- Identifying the Business Environment, the organization supports including the organization's role in the supply chain, and the organizations place in the critical infrastructure sector
- Identifying cybersecurity policies established within the organization to define the Governance program as well as identifying legal and regulatory requirements regarding the cybersecurity capabilities of the organization
- Identifying asset vulnerabilities, threats to internal and external organizational resources, and risk response activities as a basis for the organizations Risk Assessment
- Identifying a Risk Management Strategy for the organization including establishing risk tolerances
- Identifying a Supply Chain Risk Management strategy including priorities, constraints, risk tolerances, and assumptions used to support risk decisions associated with managing supply chain risks
Protect
The Protect Function aids the organization in outlining safeguards to ensure delivery of infrastructure services. This basically helps to limit the impact of a cybersecurity event.
Examples of outcome categories within this function include (copied from the NIST website):
- Protections for Identity Management and Access Control within the organization including physical and remote access
- Empowering staff within the organization through Awareness and Training including role based and privileged user training
- Establishing Data Security protection consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information
- Implementing Information Protection Processes and Procedures to maintain and manage the protections of information systems and assets
- Protecting organizational resources through Maintenance, including remote maintenance, activities
- Managing Protective Technology to ensure the security and resilience of systems and assists are consistent with organizational policies, procedures, and agreements
Detect
This Function defines the activities used to identify a cybersecurity event. It’s purpose is to ensure that an organization discovers an event in a timely manner so that a response can be deployed.
Examples of outcome categories within this Function include (copied from the NIST website):
- Ensuring Anomalies and Events are detected, and their potential impact is understood
- Implementing Security Continuous Monitoring capabilities to monitor cybersecurity events and verify the effectiveness of protective measures including network and physical activities
- Maintaining Detection Processes to provide awareness of anomalous events
Respond
The Respond Function is the strategy for responding to detected cybersecurity events. The main goal is to minimize the result of any cybersecurity event.
Examples of outcome categories within this Function include (copied from the NIST website):
- Ensuring Response Planning process are executed during and after an incident
- Managing Communications during and after an event with stakeholders, law enforcement, external stakeholders as appropriate
- Analysis is conducted to ensure effective response and support recovery activities including forensic analysis, and determining the impact of incidents
- Mitigation activities are performed to prevent expansion of an event and to resolve the incident
- The organization implements Improvements by incorporating lessons learned from current and previous detection / response activities
Recover
When a cybersecurity event happens, normal operations may be impacted, or data may be lost. The Recover Function is the maintenance plan for resilience and to restore any impacted operations, data, or people.
Examples of outcome categories within this Function include:
- Ensuring the organization implements Recovery Planning processes and procedures to restore systems and/or assets affected by cybersecurity incidents
- Implementing Improvements based on lessons learned and reviews of existing strategies
- Internal and external Communications are coordinated during and following the recovery from a cybersecurity incident
Utilizing the NIST Cybersecurity Framework is a great way to ensure that you are protecting your organization from potential threats. This Framework is even used by government auditors so when your organization meets with auditors, the process is much simpler and working with them is seamless. Our partner NOCDOC specializes in cybersecurity – specifically the Cybersecurity Framework. If you have questions about your own practices or would like help analyzing your organization reach out to us.
763.475.5500 | ContactUs@Matrix-NDI.com