The NIST Cybersecurity Framework provides a simple but effective method for managing cybersecurity incidents, which can be applied to various organisations of different sizes and levels of complexity. The five function approach guides organisations through the steps of recognising a cyber incident and responding appropriately.
Defining NIST
The NIST Cybersecurity Framework, developed by the National Institute of Standards and Technology (NIST), is a comprehensive set of guidelines, standards, and best practices to help organisations manage and improve their cybersecurity. It provides a structured approach for identifying, protecting, detecting, responding to, and recovering from cyber threats and incidents.
The framework is designed to be flexible, scalable, and adaptable to various industries and organisational sizes. It serves as a valuable resource for enhancing cybersecurity resilience and aligning with regulatory requirements. By implementing the NIST Cybersecurity Framework, organisations can better safeguard their assets, data, and operations against evolving cyber risks.
The Five Core Functions of NIST Cybersecurity Framework
1. Govern
The Govern function is designed to ensure that cybersecurity risks are managed in alignment with business objectives and are integrated into the overall enterprise risk management strategy. Key activities within the Govern function include:
- Establishing clear cybersecurity governance structures and processes to support informed decision-making and accountability
- Defining roles and responsibilities for cybersecurity across the organisation to ensure a coherent approach to risk management
- Incorporating cybersecurity risks into the organisation’s overall risk management policies and procedures
- Developing, maintaining, and enforcing cybersecurity policies and processes that support the organisation’s strategic objectives and compliance requirements
- Engaging stakeholders and fostering a shared understanding of cybersecurity risks and responsibilities at all levels of the organisation
2. Identify
The Identify function helps your organisation align its strategic direction and priorities with the cybersecurity risks to its systems, people, assets, data, and capabilities. It lays the groundwork for an effective program, allowing an organisation to develop a full understanding of its operating environment and context. Some of the key activities undertaken in this function include:
- Conducting an audit of hardware and software assets
- Identifying the organisation’s position and role in the supply chain
- Considering existing cybersecurity policies
- Identifying all legal and regulatory requirements
- Establishing any threats and vulnerabilities, and considering ways to mitigate these risks
3. Protect
The Protect function focuses on putting in place appropriate safeguards and risk mitigation measures. Some of the key activities undertaken in this function include:
- Implementing access control protections, including physical and remote access
- Conducting security awareness training for staff
- Implementing processes and procedures to maintain and manage the protections of information systems and assets
- Conducting regular maintenance on technology, systems and physical assets to ensure resources are protected
- Keeping up to date with the latest technology to ensure the security and resilience of systems
4. Detect
The Detect function defines the activities needed to discover a cybersecurity incident when one occurs. Some of the key activities undertaken in this function include:
- Ensuring all incidents and events are detected
- Ensuring the potential impact of these incidents is understood
- Implementing continuous monitoring capabilities to monitor cybersecurity events
5. Respond
Following on from the Detect function, the Respond function focuses on activities taken to respond to a detected cybersecurity incident and manage the impact. Some of the key activities undertaken in this function include:
- Following response processes during and after an incident
- Analysing the incident to determine the impact, including forensic analysis
- Supporting recovery activities
- Performing mitigation activities to prevent expansion or escalation of the incident
- Communicating with internal and external stakeholders
- Considering lessons learnt and making improvements to processes
6. Recover
The Recover function identifies how to restore services and capabilities to return to normal operations as quickly as possible. Some of the key activities undertaken in this function include:
- Ensuring the organisation implements recovery planning processes and procedures to restore systems and/or assets
- Reviewing strategies and making changes as needed
- Continuing effective communications with stakeholders
Why the NIST Cybersecurity Framework Works
The NIST Cybersecurity Framework’s combination of flexibility, risk management focus, and industry-wide acceptance makes it extremely effective in helping organisations bolster their cybersecurity defences. It allows organisations of varying sizes and industries to tailor the framework to their specific needs and risk profiles.
The framework’s emphasis on risk management enables organisations to prioritise their cybersecurity efforts, allocating resources where they are most needed. Additionally, its alignment with international standards and its widespread adoption across industries enhance its credibility and utility.