Triskele Labs Blog

How does the NIST Cybersecurity Framework work?

Written by Nick Morgan | Jul 23, 2019 11:04:00 AM

Have you caught on to the buzz surrounding the NIST Cybersecurity Framework? 

An effort led by the National Institute of Standards and Technology at the US Department of Commerce, the framework aims to help businesses understand and manage cybersecurity risk with greater success. At a time when businesses operating online are more vulnerable to malicious hackers, phishers and other criminal entities, this framework is primed to provide some security.

Entirely voluntary in terms of adherence, the framework provides businesses with guidance on cybersecurity, which includes industry best practices.

In today’s post, we dive into what it means to incorporate the recommendations of the NIST Cybersecurity Framework into your business, particularly in its five core areas: Identify, Protect, Detect, Respond and Recover.

‘IDENTIFY’

When it comes to this aspect of the framework, you need to start your cybersecurity mission by identifying and categorising all systems and solutions your company uses that could house or transfer sensitive data. 

As a part of the recommendations relating to asset management, you will also need to take an inventory of your physical devices and systems. Given the many subcategories that come under the ‘Identify’ section of the framework, you will be encouraged to follow through on certain instructions and outcomes. 

The NIST Cybersecurity Framework aims to act as a rough indication of the security measures and processes organizations should have in place. The ‘Identify’ stage can be broken down further and applies to five specific areas of business operations: asset management, business environment, governance, risk assessment, and risk management strategy.

‘PROTECT’

The framework also concerns itself with another crucial focus for almost any business: the protection of its most critical assets. This section of the guidelines provides actionable takeaways for companies to improve their own security processes. 

Here, the framework calls on teams to introduce “appropriate safeguards” to ensure the delivery of critical infrastructure services. The goal is to reduce the impact of any kind of cybersecurity attack, especially by leveraging the recommendations outlined on data protection and security. 

Specifically, this function focuses on limiting and controlling secure access to a company’s critical systems and assets both in the physical and digital realm. The subcategories under this particular part of the framework concern themselves with asset control, awareness and training, data security, maintenance, and protective technology. 

‘DETECT’

While the first part of the NIST Cybersecurity Framework focuses on helping company officials understand their own processes, assets and infrastructure, as well as the risks that can affect these, the ‘Detect’ function is more about how these threats can be identified. 

In line with the rest of the framework, ‘Detect’ also has its own subcategories. These include anomalies and events, continuous monitoring and detection processes. 

Here, recommended strategies include advanced behaviour monitoring that can identify suspicious activity, getting rid of unnecessary and unused components and tools in your system, tighter security for all points of entry and network-wide monitoring, among other measures.

‘RESPOND’

The purpose of this function of the framework is to lay down procedures and policies that help companies take effective action in the event the unthinkable happens. A continuation of the ‘Detect’ function, ‘Respond’ helps companies respond effectively to detected threats. 

The crux of this whole framework, therefore, rests here.

In terms of response, the NIST Cybersecurity Framework stipulates certain response categories for companies to focus on. This helps decision-makers channel their efforts into specific areas including response planning, communications, analysis and mitigation.

‘RECOVER’

After the immediate threat has been eliminated, the framework then focuses on organisational recovery. This includes introducing procedures and policies focusing on resilience as well as the restoration of any capabilities or services that were affected due to a cybersecurity breach. 

This is critical because certain attacks can significantly impair the way a business operates internally and provides its services to customers. Here, ‘Recover’ categories include recovery planning, improvements, and communications. 

WORK IN LINE WITH THE NIST CYBERSECURITY FRAMEWORK FOR IMPROVED CYBERSECURITY!

The NIST Cybersecurity Framework has been introduced to help businesses prepare and respond effectively at a time when cybersecurity is teetering on a very dangerous edge.

By aligning your security structure, processes and procedures with those of this framework, you ensure that you’re never on the back foot.

If you’re unsure how well your strategies line up with the framework’s recommendations or are unsure of how to put them into effect, reach out to us to see how well you’ve done.