Overview

The NIST cybersecurity framework is a powerful tool to organize and improve your cybersecurity program. It is a set of guidelines and best practices to help organizations build and improve their cybersecurity posture. The framework puts forth a set of recommendations and standards that enable organizations to be better prepared in identifying and detecting cyber-attacks, and also provides guidelines on how to respond, prevent, and recover from cyber incidents.

Drafted by the National Institute of Standards and Technology (NIST), this framework addresses the lack of standards when it comes to cybersecurity and provides a uniform set of rules, guidelines, and standards for organizations to use across industries. The NIST Cybersecurity Framework (NIST CSF) is widely considered to be the gold standard for building a cybersecurity program. Whether you’re just getting started in establishing a cybersecurity program or you’re already running a fairly mature program, the framework can provide value by acting as a top-level security management tool that helps assess cybersecurity risk across the organization.

The framework categorizes all cybersecurity capabilities, projects, processes, and daily activities into these 5 core functions:

[Figure: NIST Cybersecurity Framework]

Here are some tips on getting started with the NIST CSF in your organization without getting bogged down and lost in the minutiae of the specification documents.

5 Core Functions of NIST Cybersecurity Framework

IDENTIFY

The Identify function is focused on laying the groundwork for an effective cybersecurity program. This function assists in developing an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. To enable an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs, this function stresses the importance of understanding the business context, the resources that support critical functions, and the related cybersecurity risks. Essential activities in this group include:

PROTECT

The Protect function outlines appropriate safeguards to ensure delivery of critical infrastructure services and supports the ability to limit or contain the impact of a potential cybersecurity event. Critical activities in this group include:

DETECT

Detecting potential cybersecurity incidents is critical, and this function defines the appropriate activities to identify the occurrence of a cybersecurity event in a timely manner. Activities in this function include:

RESPOND

The Respond function focuses on appropriate activities to take action in case of a detected cybersecurity incident and supports the ability to contain the impact of a potential cybersecurity incident. The essential activities for this function include:

RECOVER

The Recover function identifies appropriate activities to renew and maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. The function emphasizes timely recovery to normal operations, to reduce the impact of a cybersecurity incident. Essential activities for this function somewhat overlap with those of Respond and include:

Why should I use the NIST Cybersecurity Framework?

First, let’s take a step back and list the cybersecurity issues that are probably top of mind.

The framework can help you with these challenges. You will be able to leverage the learnings of people who have successfully addressed similar problems. The objective of the framework is to help you prioritize cybersecurity investments and decisions. The framework also helps you reason about the maturity of your program and provides a framework for conversations with stakeholders, including your senior management and your board of directors.

How to get started with NIST Cybersecurity Framework

Aligning with the framework means enumerating all your activities and labelling these elements with one of these 5 function labels. For example, the Identify label will be for tools that help you inventory your assets. Tools like firewalls and CrowdStrike will go into Protect. However, depending on their capabilities, you would also put them in Detect along with your IDS and SIEM. Your incident response tools and playbooks go into Respond. Your backup and recovery tools are part of Recover. Once you have gone through this exercise, some of your buckets may feel emptier than others, and you may feel uncomfortable about the corresponding function description in the picture above. That’s good: now you can articulate what your cybersecurity program is missing.

Understanding Maturity Levels in NIST Language

The framework guides you to think about “maturity levels” for each of these functional areas. In NIST language, these levels are called “implementation tiers” to avoid confusion with CMMI’s Levels.

[Figure: NIST Implementation Tiers]

The idea is that as you add capabilities, you go to higher implementation tiers. The tier names Partial, Informed, Repeatable and Adaptive imply exactly what their English language meaning says. The holy grail is the “Adaptive” tier, which means your cybersecurity program is as good as it gets.
You might even choose to draw a line (“Peer Benchmark”) for where you want to get to, based on your knowledge of other companies that are similarly situated to yours.

Implementing and improving your cybersecurity program

While all the functions of the NIST CSF are important for different reasons, the Identify function is foundational. Identify is all about developing an accurate IT asset inventory and understanding the criticality of assets. Identify is also concerned with discovering vulnerabilities that attackers can exploit. To take a human analogy, Identify capabilities are like your senses, and help by providing direction to your cybersecurity program. We recommend that you begin the framework alignment of your cybersecurity program by focusing on Identify. The picture below shows the relationship between Identify and the other cybersecurity functions.

[Figure: The Identify Function is Foundational]

Recommended Reading: How to implement and improve your Identify capabilities in a straightforward way.

Once you are well on your way with Identify, you can learn about how to implement the Protect and Detect functions.

No matter how good your program, some of your enterprise’s components will be breached at some point in time. Therefore it is also important to know what you will do when you discover a (hopefully minor) data breach, and how you would restore your systems back to their state before the breach. Respond and Recover are the essential reenergizing engines of the NIST CSF. Additional details about implementing the Respond and Recover functions will be covered in an upcoming article.

The NIST cybersecurity framework as a system for board-level reporting

[Figure: Sample CISO Operational Plan for Information Security]

The NIST framework works very well for board-level reporting. If you are a new CISO, here is a set of slides that allow you to introduce your InfoSec strategy and plan by aligning with the framework.
Here is what your ongoing quarterly presentation looks like.

Frequently Asked Questions About NIST Cybersecurity Framework

What are the five elements of the NIST cybersecurity framework?

The framework categorizes all cybersecurity capabilities, projects, processes, daily activities into these 5 core functions:

What does NIST stand for in NIST cybersecurity framework?

NIST stands for the National Institute of Standards and Technology, which operates under the US Department of Commerce. NIST’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

What is the DE function in the National Institute of Standards and Technology (NIST) cybersecurity framework?

Detect (DE): The purpose of the Detect function is to ensure the timely detection of cybersecurity events. According to the NIST CSF, Detect is defined as: “Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.”

What are the five functions of the NIST cybersecurity framework?

The NIST Cybersecurity Framework: An Introduction to the 5...: Identify, Protect, Detect, Respond, Recover.

What are the three categories of the Detect (DE) function of the NIST cybersecurity framework?

The National Institute of Standards and Technology (NIST) Cybersecurity Framework has been touted as a gold-standard framework for managing cybersecurity risk. The NIST CSF is composed of three main elements: the Framework Core, Profiles, and Implementation Tiers.

What is the goal of the Protect stage in the plan protect respond cycle?

Possible responses to an attack:
The primary goal of "Protect and Proceed" is the preservation of site assets and the timely return to normal activities.