NIST Cybersecurity Framework: What You Need to Know
The NIST cybersecurity framework was enacted in February of 2013 as part of an executive order to reduce cybersecurity risk to critical infrastructure. Although it originated in an executive order, the framework is voluntary; no industry is required to implement it. Even so, any owner or operator of critical infrastructure who wants to strengthen their security posture would do well to adopt it.
The NIST cybersecurity framework is made up of five functions split into categories which are then divided into subcategories. All of this works together to help owners implement best practices to reduce the cybersecurity risk to critical infrastructure.
It’s important for business owners to understand the NIST cybersecurity framework if they want to reduce their cybersecurity risk. We’re going to take a closer look at the framework, starting with each major function and its categories and subcategories.
The purpose of the “Identify” function is to help organizations recognize potential cybersecurity risks and incidents as they occur. It is the second largest of the five functions, with five categories and 24 subcategories.
Within the Identify function you can find categories including asset management, business environment, governance, risk assessment, and risk management strategy. Asset management helps owners and operators identify systems that run critical infrastructure within their business processes and align the management of those systems with a risk management strategy.
The business environment category helps business owners prioritize their company’s mission and goals and align them with their cybersecurity infrastructure. The category aims to guide risk management strategies so that they follow company values. The governance category manages cybersecurity risk by examining the policies, procedures, and processes used to monitor an organization’s regulatory compliance requirements. For example, healthcare organizations must comply with HIPAA.
Risk assessment and risk management strategy categories go hand in hand as they work to help operators understand what risks are greatest to their systems and what strategies are available to their company. Operational risk decisions must be based on an organization’s priorities and assets.
Subcategories within this function cover identifying threats, finding vulnerabilities, determining your organization’s risk tolerance, and mapping your company’s data flows, software, and hardware.
The Identify function is proactive: it covers what a company can do before an incident occurs and how it can prevent one from happening at all.
The Protect function is also proactive, as it covers everyday cybersecurity hygiene practices, including user access, education, data security, and so on. The NIST cybersecurity framework emphasizes preventing cybersecurity risks before they materialize, which is why Protect and Identify are the two largest of the five functions.
The first category within Protect is access control. Similar to building access control, digital access control restricts protected data to just authorized users, and activities are monitored and restricted as well. The second category is awareness and training. The NIST cybersecurity framework recognizes that your employees are often the weakest link in your network. Proper education can help your employees recognize an issue before it becomes an incident and avoid mistakes that could potentially put data at risk.
The data security category ensures that your business manages data records and information in line with your organization’s risk strategy in order to protect the confidentiality, integrity, and availability of information. The information protection processes and procedures category recognizes the importance of the security policies and procedures used to maintain and manage the protection of information systems and assets.
Maintenance is hugely important when it comes to industrial control and information system components. Computers that aren’t routinely updated leave gaps in your system’s security that put data at risk. Protective technology goes hand in hand with maintenance: it ensures that technical security solutions are in place so your systems can withstand a security incident and protect your data.
The Detect function is much smaller than either Protect or Identify, with only three categories and 18 subcategories. As the name suggests, the function deals with detecting cybersecurity breaches early, when they occur. Breaches are often far more damaging because they are discovered only after much of the damage has already been done.
The anomalies and events category ensures owners and operators recognize unusual activity on their IT networks and understand when it can signify a cybersecurity breach. Timely detection is critical when it comes to catching unusual activity; if it is caught too late, a breach could already be underway. Security continuous monitoring means that business owners must watch and analyze their system activity, both to catch anomalous events and to ensure that all security controls are working as intended.
Detection processes and procedures is another category within the Detect function. This category focuses on the maintenance and testing of detection procedures. If you fail to test your detection procedures, an event could easily occur without your noticing.
The Response function is designed to help owners understand what steps to take in the event of an incident. Broken down into five categories, this function covers everything from response planning and mitigation to threat notification and forensics.
Response planning handles what processes and procedures go into effect immediately after an event occurs. Your response should be aligned with your risk management strategy and data protection goals. The communications category handles the coordinated response between internal and external stakeholders, including a response from a law enforcement agency if needed. When communicating post-incident, all reporting must be consistent with the criteria established in advance of an event.
Analysis and mitigation go hand in hand when it comes to responding to an event. Owners must analyze the situation, including forensics and potential impact, in order to mitigate its effects. Controls must then either be improved to address the event, or the remaining risks must be catalogued and formally accepted.
Recovery is the smallest function of all, with only three categories and three subcategories; however, don’t underestimate its importance. Recovery planning must be done ahead of time so the strategy can be enacted if an incident occurs. This plan must be capable of restoring affected systems in a timely manner to minimize the damage from the event.
Improvements are crucial to minimizing the risk of a future event. They are a core part of the recovery process: without improvements to your organization, you remain at risk of a repeat event. Recovery plans and strategies must be updated to enact all necessary improvements.
Without appropriate communications, your recovery cannot be completed. All restoration activities must be coordinated with internal and external parties, including ISPs, vendors, and all victims.
Choose a Service Provider to Help You Through It
The NIST cybersecurity framework is complex and detailed. It can be hard to understand it all and enact it all on your own. Luckily, when you work with Swift Systems, you’re working with an IT company that does it all.
With Swift Systems managed IT services, you won’t have to worry about implementing the entire NIST cybersecurity framework. We’ll help you through it. We give our customers reliable networks, dedicated technicians, and increased uptime.
Don’t try to go it alone. Call Swift Systems today.