The NIST framework consists of standards, guidelines and best practices to manage cybersecurity risk.
The NIST Cybersecurity Framework can be considered a great tool to be leveraged to help everyone in any size or type of organisation understand security threats and guide sound judgment in implementing security processes, policies, procedures and appropriate technologies to address real risk.
The five major functions of the framework make sure you identify your assets and setup appropriate protections, detect anomalies and respond to identified risks as well as having appropriate plans in place to make sure your business can recover.
The Five Functions of the Framework "NIST Cyber Security Framework"
- Identify “You have to know what you have, before you can protect it”
- AM – Asset Management, BE – Business Environment, GV – Governance, RA – Risk Assessment, RM – Risk Management Strategy
- Protect “Defense is the primary activity”
- AC – Access Control, AT – Awareness Training, DS – Data Security, IP – Information Protection processes & procedures, PT – Protective Technology
- Detect “You need to be able to find anomalies”
- Anomalies and Events, CM – Security Continuous Monitoring, DP – Detection Processes
- Respond “What do you do when you find something wrong?”
- RP – Response Planning, CO – Communications, AN – Analysis, MI – Mitigation, IM – Improvements
- Recover “How does business get back to normal after an incident?”
- RP – Recovery Planning, IM – Improvements, CQ – Communications