NIST is an abbreviation for the National Institute of Standards and Technology. This framework helps businesses develop a better cyber security posture. This means ensuring and helping businesses manage, understand and reduce cyber security risks through protecting their data, networks and information systems.
The framework has three parts, framework core, implementation tiers and framework profile.
This framework is voluntary but it ensures your business has the best cyber security practices. It assists businesses and organisations to make proper risk management decisions.
This framework focuses on identifying, protecting, detecting, responding and recovering different entities in your business. Here is a summary on how the framework works.
1. Identify
This function involves understanding the business environment in order to manage cyber security risks facing assets, systems and data capabilities. In order for your business to fully comply with this function, you should identify physical and digital assets, how they are interrelated and the current risks they are facing.
You should also put policies in place to manage the risks identified. Physical devices like smartphones, laptops or tablets may face risks. You should also identify all software and data that you use. You should then assign roles and responsibilities to your users and anyone who accesses sensitive data.
2. Protect
This function outlines the appropriate safety measures to be taken to safeguard infrastructure and processes. Such measures may also reduce the impact of a cybersecurity incident.To comply with this function, you should ensure your business:
- provides cyber security training for users,
- protects access,
- controls and identities management,
- ensure protection of information and data through back ups and,
- has implemented policies on how to dispose of old files and electronic devices.
This function focuses on limiting or containing cybersecurity incidents in case they occur. It also ensures cyber security incidents don’t happen or limits their likelihood.
3. Detect
This function describes the appropriate activities and procedures which identify the possible occurrence of a security incident. This ensures incidents are discovered in a timely manner.
Monitoring tools can also be used to detect unusual behaviour such as unusual staff activity and use of unauthorised devices like USB drives.
4. Respond
The response function entails the activities or procedures to be taken after a cyber security incident has been detected. The function explains how a cyber security incident should be contained. To comply with this function, businesses should have defined communication lines, a properly drafted response plan and how information about the event should be analysed.
The response plan for your business should outline how customers and employees will be notified of a cyber security incident and how the business process will be managed so that there is no (or minimal) interruption.
It should also have procedures for investigating the attack and reporting it to relevant authorities.
Lastly, you should also ensure the response function has plans for updating the cyber security policy from the lessons learnt from the security incident.
5. Recover
This function explains the plans of restoring the business back to where it was before the cyber security incident. This is the last step of the NIST cybersecurity framework. Through this recovery function, businesses are able to come up with plans which will ensure minimal losses, and a fast and efficient recovery. Through such activities, negative impacts from a cybersecurity incident are reduced.
Part of this function may involve restoring the affected business network or equipment and informing your staff and customers of your recovery or response plan and activities. After this function is implemented, some of the outcomes it may have are: implementation of improved reviews and lessons learnt from the cyber security incident.
The NIST cybersecurity framework will place your business in a better position to manage and avoid cyber security incidents. It will help you identify the critical resources and protect them.
The five functions of this framework represent a holistic approach to cyber security management. This is why you need to employ them in your business for better incident handling.
How cyber-secure is your business? Find out with our free cybersecurity health check.
It’s a 30 minute Zoom call that walks through a checklist to assess your current cybersecurity levels and provide a short report with some advice and recommendations.