Demystifying Cybersecurity Basics Before It's Too Late

Demystifying Cybersecurity Basics Before It's Too Late

Cybersecurity is becoming increasingly important, but much of the information is only available to those with specialized knowledge. We can learn how to protect our digital assets from growing security threats with the NIST -developed standards. Let’s prepare to defend against these threats together instead of waiting for the pros to deal with it.

Info

Did you know that a cyberattack occurs roughly once every 39 seconds? University of Maryland

The Five Six Functions

As of the writing of this article a new framework, NIST CSF v2.0, has been introduced, we will adopt this draft to become the new standard. In order to make sure that your business is kept safe and secure, this framework is a solid foundation that will help build a security built for your unique situation.

This article explains the Cybersecurity Framework’s six main Functions: Ideentify, Protect, Detect, Respond, and Recover. These functions are the most important parts of the Framework. They are the pillars that everything else is built around.

  • Governance - ves establishing and maintaining a cybersecurity program and managing risks.
  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

Why Use A Framework?

The NIST Cybersecurity Framework can help an organization begin or improve their cybersecurity program. Built off of practices that are known to be effective, it can help organizations improve their cybersecurity posture. It fosters communication among both internal and external stakeholders about cybersecurity, and for larger organizations, helps to better integrate and align cybersecurity risk management with broader enterprise risk management processes as described in the NISTIR 8286 series.

Though the Cybersecurity Framework is not a one-size-fits-all approach to managing cybersecurity risk for organizations, it is ultimately aimed at reducing and better managing these risks. As such, this guide is intended for any and all organizations regardless of sector or size. Organizations will vary in how they customize practices described in this document. Organizations can determine activities that are important to critical service delivery and can prioritize investments to maximize impact.

The Framework is organized by key Functions – Identify, Protect, Detect, Respond, and Recover. These five widely understood terms, when considered together, provide a comprehensive view of the lifecycle for managing cybersecurity risk over time. The activities listed under each Function may offer a good starting point for your organization:

  <svg
    width="20"
    height="20"
    viewBox="0 0 24 24"
    fill="none"
    xmlns="http://www.w3.org/2000/svg">
    <path
      fillRule="evenodd"
      clipRule="evenodd"
      d="M12 0C18.6274 0 24 5.37258 24 12C24 18.6274 18.6274 24 12 24C5.37258 24 0 18.6274 0 12C0 5.37258 5.37258 0 12 0ZM12 2.4C6.69807 2.4 2.4 6.69807 2.4 12C2.4 17.3019 6.69807 21.6 12 21.6C17.3019 21.6 21.6 17.3019 21.6 12C21.6 6.69807 17.3019 2.4 12 2.4ZM15.9515 7.55147L9.6 13.9029L8.04853 12.3515C7.5799 11.8828 6.8201 11.8828 6.35147 12.3515C5.88284 12.8201 5.88284 13.5799 6.35147 14.0485L8.75147 16.4485C9.2201 16.9172 9.9799 16.9172 10.4485 16.4485L17.6485 9.24853C18.1172 8.7799 18.1172 8.0201 17.6485 7.55147C17.1799 7.08284 16.4201 7.08284 15.9515 7.55147Z"
      fill="currentColor" />
  </svg>

<p>Tip</p>

Using a standard Framework such as the NIST allows you to more quickly secure your digital assets.

The Five Six Functions

This article explains the Cybersecurity Framework’s five main Functions: Ideentify, Protect, Detect, Respond, and Recover. These functions are the most important parts of the Framework. They are the pillars that everything else is built around.

  • Governance
  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

Governance

The Governance function in the NIST Cybersecurity Framework involves establishing and maintaining a cybersecurity program and managing risks. It includes defining roles and responsibilities, ensuring compliance with policies, and fostering a culture of cybersecurity awareness within an organization. This function serves as the foundation for effective cybersecurity management and decision-making.

Establish and monitor the organization’s cybersecurity risk management strategy, expectations, and policy. The GOVERN Function is cross-cutting and provides outcomes to inform how an organization will achieve and prioritize the outcomes of the other five Functions in the context of its mission and stakeholder expectations. Governance activities are critical for incorporating cybersecurity into an organization’s broader enterprise risk management strategy. GOVERN directs an understanding of organizational context; the establishment of cybersecurity strategy and cybersecurity supply chain risk management; roles, responsibilities, and authorities; policies, processes, and procedures; and the oversight of cybersecurity strategy.

Identify

The Identify Function assists in developing an organizational understanding to managing cybersecurity risk to systems, people, assets, data, and capabilities. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs.

  • Identify critical enterprise processes and assets – What are your enterprise’s activities that absolutely must continue in order to be viable? For example, this could be maintaining a website to retrieve payments, protecting customer/patient information securely, or ensuring that the information your enterprise collects remains accessible and accurate.

  • Document information flows – It’s important to not only understand what type of information your enterprise collects and uses, but also to understand where the data is located and how it is used, especially where contracts and external partners are engaged.

  • Maintain hardware and software inventory – It’s important to have an understanding of the computers and software in your enterprise because these are frequently the entry points of malicious actors. This inventory could be as simple as a spreadsheet.

  • Establish policies for cybersecurity that include roles and responsibilities – These policies and procedures should clearly describe your expectations for how cybersecurity activities will protect your information and systems, and how they support critical enterprise processes. Cybersecurity policies should be integrated with other enterprise risk considerations (e.g., financial, reputational).

  • Identify threats, vulnerabilities, and risk to assets – Ensure risk management processes are established and managed to ensure internal and external threats are identified, assessed, and documented in risk registers. Ensure risk responses are identified and prioritized, executed, and results monitored.

Examples of outcome Categories within this Function include:

  • Identifying physical and software assets within the organization to establish the basis of an Asset Management program
  • Identifying the Business Environment the organization supports including the organization’s role in the supply chain, and the organizations place in the critical infrastructure sector
  • Identifying cybersecurity policies established within the organization to define the Governance program as well as identifying legal and regulatory requirements regarding the cybersecurity capabilities of the organization
  • Identifying asset vulnerabilities, threats to internal and external organizational resources, and risk response activities as a basis for the organizations Risk Assessment
  • Identifying a Risk Management Strategy for the organization including establishing risk tolerances
  • Identifying a Supply Chain Risk Management strategy including priorities, constraints, risk tolerances, and assumptions used to support risk decisions associated with managing supply chain risks

Identify – Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include: Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.

Protect

The Protect Function outlines appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event.

Examples of outcome Categories within this Function include:

  • Protections for Identity Management and Access Control within the organization including physical and remote access
  • Empowering staff within the organization through Awareness and Training including role based and privileged user training
  • Establishing Data Security protection consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information
  • Implementing Information Protection Processes and Procedures to maintain and manage the protections of information systems and assets
  • Protecting organizational resources through Maintenance, including remote maintenance, activities
  • Managing Protective Technology to ensure the security and resilience of systems and assets are consistent with organizational policies, procedures, and agreements

Protect – Develop and implement appropriate safeguards to ensure delivery of critical services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Identity Management and Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.

Detect

The Detect Function defines the appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events.

Examples of outcome Categories within this Function include:

  • Ensuring Anomalies and Events are detected, and their potential impact is understood
  • Implementing Security Continuous Monitoring capabilities to monitor cybersecurity events and verify the effectiveness of protective measures including network and physical activities
  • Maintaining Detection Processes to provide awareness of anomalous events

Detect – Develop and implement appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes.

Respond

The Respond Function includes appropriate activities to take action regarding a detected cybersecurity incident. The Respond Function supports the ability to contain the impact of a potential cybersecurity incident.

Examples of outcome Categories within this Function include:

  • Ensuring Response Planning process are executed during and after an incident
  • Managing Communications during and after an event with stakeholders, law enforcement, external stakeholders as appropriate
  • Analysis is conducted to ensure effective response and support recovery activities including forensic analysis, and determining the impact of incidents
  • Mitigation activities are performed to prevent expansion of an event and to resolve the incident
  • The organization implements Improvements by incorporating lessons learned from current and previous detection / response activities Respond – Develop and implement appropriate activities to take action regarding a detected cybersecurity incident. The Respond Function supports the ability to contain the impact of a potential cybersecurity incident. Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements.

Recover

The Recover Function identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity incident.

Examples of outcome Categories within this Function include:

  • Ensuring the organization implements Recovery Planning processes and procedures to restore systems and/or assets affected by cybersecurity incidents
  • Implementing Improvements based on lessons learned and reviews of existing strategies
  • Internal and external Communications are coordinated during and following the recovery from a cybersecurity incident

Recover – Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity incident. Examples of outcome Categories within this Function include: Recovery Planning; Improvements; and Communications.

Tags :

Related Posts

Understanding A Vulnerability Assessment Report

Understanding A Vulnerability Assessment Report

A vulnerability assessment report is a document that helps identify weaknesses in a computer system or network.

Read More