NIST Cybersecurity Framework Giacomo Lanzi

NIST Cybersecurity Framework

The NIST Cybersecurity Framework is a set of guidelines developed to reduce cybersecurity risks. Lists specific activities associated with IT security risk management based on existing standards and guidelines. It is one of the most popular frameworks dedicated to cybersecurity and d is widely used because it helps in the aspect of risk management.

Written by the National Institute of Standards and Technology (NIST), this framework from cybersecurity addresses the lack of standards when it comes to cybersecurity. In fact, provides a uniform set of rules, guidelines and standards for organizations to use across industries . The NIST Cybersecurity Framework (sometimes abbreviated NIST CSF ) is widely regarded as the gold-standard for building a cybersecurity program.

Whether you are just starting to establish a cybersecurity program or are already running a fairly mature program, the framework can provide added value. Acts as a high-level security management tool that helps assess cybersecurity risk across the organization.

NIST Cybersecurity Framework

The structure of the NIST Cybersecurity Framework

The NIST Cybersecurity Framework is mainly structured in three parts:

Core: contains a series of activities, results and references on aspects and approaches related to cyber security.
Implementation Tiers: is a classification system that helps organizations to clarify the aspects dedicated to IT security risk management.
Profile: in essence it is the list of results that an organization has chosen, based on its needs, from categories and sub-categories of the structure.

Functions and categories of cybersecurity activities

The NIST Core can be divided into 5 sections, which in turn are divided into 23 categories. For each category a series of sub-categories is defined, for a total of 108 sub-categories. categories. Each sub-category provides Information Resources that refer to specific sections of other security standards, such as ISO 27001 , COBIT, NIST SP 800-53, ANSI / ISA and CCS CSC.

The complexity of this framework has given rise to the creation of bills that guide NIST to create guidelines that are easily accessible to small and medium-sized enterprises.

Sections of the NIST Cybersecurity Framework

NIST Sections

Identification ( Identify )

The identification function focuses on laying the foundation for an effective cybersecurity program . This function assists in developing an organizational understanding to manage cybersecurity risk for systems, people, assets, data and capabilities. To allow an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs, this function has emphasized the importance of understanding the business context, the resources that support critical functions, and related cybersecurity risks .

Essential activities in this section of NIST include:

Individuare le risorse fisiche e software per stabilire la base di un programma di gestione delle risorse
Definire l’ambiente di business dell’organizzazione, compreso il suo ruolo nella catena di fornitura
Scegliere le politiche di cybersecurity stabilite per definire il programma di governance e identificare i requisiti legali e normativi relativi alle capacità di cybersecurity dell’organizzazione
Identificare le vulnerabilità degli asset, le minacce alle risorse organizzative interne ed esterne e le attività di risposta al rischio per valutare il rischio
Stabilire una strategia di gestione del rischio, compresa l’identificazione della tolleranza al rischio
Produrre una strategia di gestione del rischio della catena di fornitura, comprese le priorità, i vincoli, le tolleranze di rischio e le ipotesi usate per sostenere le decisioni di rischio associate alla gestione dei rischi della catena di fornitura

Protection ( Protect )

NIST’s security function outlines appropriate safeguards to ensure the provision of critical infrastructure services. It also supports the ability to limit or contain the impact of a potential cybersecurity event.

Critical activities in this group include:

Implement protections for identity management and access control within the organization, including physical and remote access
Empower staff through security awareness training , including privileged and role-based user training
< strong> Establish data security protection consistent with the organization’s risk strategy to protect the confidentiality, integrity and availability of information
Implement processes and procedures to maintain and manage protection of systems information and resources
Protect organizational resources through maintenance, including remote maintenance activities
Manage technology for ensure the security and resilience of systems , in line with organizational policies, procedures and agreements

Detections ( Detect )

Detecting potential cybersecurity incidents is critical, and this Framework feature defines the appropriate activities to identify the occurrence of a cybersecurity event in a timely manner. Activities in this feature include:

Ensuring the detection of anomalies and events and understanding their potential impact
Implementing capabilities of continuous monitoring to monitor cybersecurity events and verify the effectiveness of security measures, including network and physical activities

Answers ( Respond )

NIST’s response function focuses on the appropriate activities to take action in the event of a detected cybersecurity incident and supports the ability to contain the impact of a potential cybersecurity incident.

Activities essential for this feature include:

Ensuring the execution of the response planning process during and after an incident
Managing communications with internal and external stakeholders during and after an Analyze l incident to Ensure effective response and support recovery activities, including forensic analysis and accident impact determination
Perform mitigation to prevent expanding an event and resolving the incident
Implement improvements by incorporating lessons learned from current and previous detection / response activities

Recover

The framework’s recovery function identifies the appropriate activities to renew and maintain resilience plans and to restore any capacity or service that has been compromised due to a cybersecurity incident. Timely recovery at normal operation is important to reduce the impact of an accident.

The essential activities for this function overlap somewhat with the replying activities and include:

Ensuring that your organization implements recovery planning processes and procedures to restore systems and / or assets affected by cybersecurity incidents
Implement based improvements on lessons learned and reviews of existing strategies
Internal and external communications are coordinated during and after recovery from a cybersecurity incident

Getting started with the NIST Cybersecurity Framework

Aligning with the framework means enumerating all your activities and labeling these items with one of these 5 function labels . For example, the Identify tag will be for tools that help you inventory your assets. Tools like Firewall will go into Protect . However, depending on their capabilities, you may also want to put them in Detect along with your SIEM . Incident response tools and playbooks go to Respond . Your backup and restore tools are part of Recover .

Once you have done this exercise, some of the sections may seem more empty than others and you may feel uncomfortable with the description of the corresponding function.

This is good, because now you can articulate what your cybersecurity program lacks.

Conclusions

In this article we have understood what the NIST Cybersecurity Framework is and how it is structured by analyzing some of its main sections and the elements that make up these sections.

However, our advice is to seek out a SaaS provider who can provide you with the tools to implement NIST efficiently without risk. Our SaaS solutions can help in this regard and we invite you to contact us to find out how our services can help your business in the area of cybersecurity.

Do not hesitate to contact us to find out more, we will answer all your questions.

Useful links:

Useful links:

Share


RSS

More Articles…

Categories …

Tags

RSS Dark Reading

RSS Full Disclosure

  • APPLE-SA-2021-09-23-1 iOS 12.5.5 September 24, 2021
    Posted by Apple Product Security via Fulldisclosure on Sep 24APPLE-SA-2021-09-23-1 iOS 12.5.5 iOS 12.5.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212824. CoreGraphics Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) Impact: Processing a maliciously […]
  • APPLE-SA-2021-09-23-2 Security Update 2021-006 Catalina September 24, 2021
    Posted by Apple Product Security via Fulldisclosure on Sep 24APPLE-SA-2021-09-23-2 Security Update 2021-006 Catalina Security Update 2021-006 Catalina addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212825. XNU Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of […]
  • openvpn-monitor Cross-Site Request Forgery (CSRF) September 24, 2021
    Posted by Advisories on Sep 24############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: openvpn-monitor # Vendor: https://github.com/furlongm/openvpn-monitor # CSNC ID: CSNC-2021-011 # CVE ID: CVE-2021-31604 # Subject: Cross-Site Request Forgery (CSRF) # Severity: Medium # Effect: Denial of Service #...
  • openvpn-monitor OpenVPN Management Socket Command Injection September 24, 2021
    Posted by Advisories on Sep 24############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: openvpn-monitor # Vendor: https://github.com/furlongm/openvpn-monitor # CSNC ID: CSNC-2021-010 # CVE ID: CVE-2021-31605 # Subject: OpenVPN Management Socket Command Injection # Severity: High # Effect: Denial of...
  • openvpn-monitor Authorization Bypass September 24, 2021
    Posted by Advisories on Sep 24############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: openvpn-monitor # Vendor: https://github.com/furlongm/openvpn-monitor # CSNC ID: CSNC-2021-009 # CVE ID: CVE-2021-31606 # Subject: Authorization Bypass # Severity: Medium # Effect: Denial of Service # Author:...
  • Backdoor.Win32.Minilash.10.b / Remote Denial of Service (UDP Datagram) September 21, 2021
    Posted by malvuln on Sep 21Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/3c407448a00b2d53b2418f53b66d5b6b.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Minilash.10.b Vulnerability: Remote Denial of Service (UDP Datagram) Description: The Minilash malware listens on TCP 6711 and UDP port 60000. Third-party attackers who can reach infected systems can send a specially […]
  • Backdoor.Win32.Hupigon.asqx / Unauthenticated Open Proxy September 21, 2021
    Posted by malvuln on Sep 21Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/a344b767d58b6c83b92bb868727e021c.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.asqx Vulnerability: Unauthenticated Open Proxy Description: The malware listens on TCP port 8080. Third-party attackers who can connect to the infected system can relay requests from the original connection to the...
  • Trojan.Win32.Agent.xaamkd / Insecure Permissions September 21, 2021
    Posted by malvuln on Sep 21Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/095651e1704b501123b41ea2e9736820.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan.Win32.Agent.xaamkd Vulnerability: Insecure Permissions Description: The malware creates an dir with insecure permissions under c:\ drive and grants change (C) permissions to the authenticated user group. Standard users can rename the...
  • APPLE-SA-2021-09-20-10 iTunes 12.12 for Windows September 21, 2021
    Posted by product-security-noreply--- via Fulldisclosure on Sep 21APPLE-SA-2021-09-20-10 iTunes 12.12 for Windows iTunes 12.12 for Windows addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212817. ImageIO Available for: Windows 10 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with […]
  • APPLE-SA-2021-09-20-9 iTunes U 3.8.3 September 21, 2021
    Posted by product-security-noreply--- via Fulldisclosure on Sep 21APPLE-SA-2021-09-20-9 iTunes U 3.8.3 iTunes U 3.8.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212809. iTunes U Available for: iOS 12.4 and later or iPadOS 12.4 and later Impact: Processing a maliciously crafted URL may lead to arbitrary javascript code execution Description: […]

Customers

Newsletter