The NIST framework consists of standards, guidelines and best practices to manage cybersecurity risk.
The NIST Cybersecurity Framework can be considered a great tool to be leveraged to help everyone in any size or type of organisation understand security threats and guide sound judgment in implementing security processes, policies, procedures and appropriate technologies to address real risk.
The five major functions of the framework make sure you identify your assets and setup appropriate protections, detect anomalies and respond to identified risks as well as having appropriate plans in place to make sure your business can recover.
SecureIT can guide you through this compliance and security effort and provide you with the solutions and services required to meet all the requirements
The Five Functions of the Framework "NIST Cyber Security Framework"
- Identify “You have to know what you have, before you can protect it”
- AM – Asset Management, BE – Business Environment, GV – Governance, RA – Risk Assessment, RM – Risk Management Strategy
- Protect “Defense is the primary activity”
- AC – Access Control, AT – Awareness Training, DS – Data Security, IP – Information Protection processes & procedures, PT – Protective Technology
- Detect “You need to be able to find anomalies”
- Anomalies and Events, CM – Security Continuous Monitoring, DP – Detection Processes
- Respond “What do you do when you find something wrong?”
- RP – Response Planning, CO – Communications, AN – Analysis, MI – Mitigation, IM – Improvements
- Recover “How does business get back to normal after an incident?”
- RP – Recovery Planning, IM – Improvements, CQ – Communications
Complying with the NIST Cybersecurity Framework and using the NIST Risk Management Framework makes sure your company has appropriate security controls in place and that you deal with threats based on risk. It was developed to make sure that nations critical infrastructure maintain a cyber environment that is secure and resilient
