NIST Cybersecurity Framework


The National Institute of Standards and Technology’s (NIST) cybersecurity framework is a useful tool for organising and improving your cybersecurity programme. It is a set of standards and best practices designed to assist businesses in establishing and improving their cybersecurity posture. The framework sets out suggestions and standards to help companies better prepare for cyber-attacks by identifying and detecting them, and provides advice on how to respond to, avoid, and recover from them.

Five Core Functions:

The Identify function is responsible for building the foundation for a successful cybersecurity programme. This function aids in the development of a corporate awareness of cybersecurity risk to systems, people, assets, data, and capabilities. It emphasises the necessity of understanding the business environment, the resources that support important functions, and the corresponding cybersecurity risks, so that an organisation can focus and prioritise its efforts in accordance with its risk management strategy and business needs. This group’s essential activities include:

  • Establishing the foundation of an asset management programme by identifying physical and software assets.
  • Identifying the business environment of the enterprise, particularly its role in the supply chain.
  • Identifying existing cybersecurity rules, as well as legal and regulatory needs, in order to create the governance programme.
  • Identifying asset vulnerabilities, threats to internal and external organisational resources, and risk response operations in order to evaluate risk.
  • Developing a risk management approach, which includes determining risk tolerance.
  • Identifying a supply chain risk management plan, including priorities, limitations, risk tolerances, and assumptions that will be utilised to support risk management decisions.

The Protect function describes suitable protections to guarantee critical infrastructure services are delivered, as well as supporting the capacity to mitigate or contain the consequences of a potential cybersecurity disaster. This group’s critical activities include:

  • Implementing Identity Management and Access Control protections inside the organisation, including physical and remote access.
  • Providing security awareness training to employees, including role-based and privileged user training.
  • Implementing policies and procedures to maintain and manage the security of information systems and assets in accordance with the organisation’s risk strategy.
  • Protecting organisational resources through maintenance, including remote maintenance activities.
  • Managing technology in accordance with corporate policies, processes, and agreements to ensure the security and resilience of systems.

The Detect function describes the appropriate steps to recognise the occurrence of a cybersecurity event in a timely way; detecting potential cybersecurity events is crucial. This function’s responsibilities include:

  • Ensuring that anomalies and events are detected and that their potential impact is understood.
  • Adding the ability to monitor cybersecurity events and check the effectiveness of preventive measures, such as network and physical actions, on a continual basis.

The Respond function focuses on the right actions to take in the event of a detected cybersecurity incident and helps to limit the effect of a potential cybersecurity incident. This function’s essential activities include:

  • Ensuring that the response planning procedure is followed before, during, and after an incident.
  • Managing internal and external stakeholder communications during and after an event.
  • Analysing the incident, including forensic analysis and evaluating the impact of incidents, to ensure effective response and recovery actions.
  • Carrying out mitigation operations to prevent an incident from spreading and to bring it to a close.
  • Incorporating lessons learnt from current and previous detection/response actions to make improvements.

The Recover function identifies relevant activities for renewing and maintaining resilience plans, as well as restoring any capabilities or services that have been compromised as a result of a cybersecurity incident. To minimise the impact of a cybersecurity event, a prompt return to normal activities is emphasised. The following are some of the essential activities for this function, which overlap with those for Respond:

  • Ensuring that the organisation’s recovery planning processes and procedures are in place to restore systems and/or assets that have been impacted by cybersecurity incidents.
  • Implementing improvements based on lessons learned and reviews of existing tactics.
  • Coordinating internal and external communications during and after the recovery from a cybersecurity event.

How Can ITM Help You?

IT Minister covers all aspects of cyber security, including but not limited to home cyber security managed solutions to automated, managed Threat Intelligence, Forensic Investigations, Mobile Device Management, cloud security best practice and architecture, and cyber security training. Our objective is to support organisations and consumers at every step of their cyber maturity journey. Contact us for more information.