NIST Cybersecurity Framework

The NIST Cybersecurity Framework is a set of guidelines developed to reduce cybersecurity risks. Lists specific activities associated with IT security risk management based on existing standards and guidelines. It is one of the most popular frameworks dedicated to cybersecurity and d is widely used because it helps in the aspect of risk management.

Written by the National Institute of Standards and Technology (NIST), this framework from cybersecurity addresses the lack of standards when it comes to cybersecurity. In fact, provides a uniform set of rules, guidelines and standards for organizations to use across industries . The NIST Cybersecurity Framework (sometimes abbreviated NIST CSF ) is widely regarded as the gold-standard for building a cybersecurity program.

Whether you are just starting to establish a cybersecurity program or are already running a fairly mature program, the framework can provide added value. Acts as a high-level security management tool that helps assess cybersecurity risk across the organization.

NIST Cybersecurity Framework

The structure of the NIST Cybersecurity Framework

The NIST Cybersecurity Framework is mainly structured in three parts:

Core: contains a series of activities, results and references on aspects and approaches related to cyber security.
Implementation Tiers: is a classification system that helps organizations to clarify the aspects dedicated to IT security risk management.
Profile: in essence it is the list of results that an organization has chosen, based on its needs, from categories and sub-categories of the structure.

Functions and categories of cybersecurity activities

The NIST Core can be divided into 5 sections, which in turn are divided into 23 categories. For each category a series of sub-categories is defined, for a total of 108 sub-categories. categories. Each sub-category provides Information Resources that refer to specific sections of other security standards, such as ISO 27001 , COBIT, NIST SP 800-53, ANSI / ISA and CCS CSC.

The complexity of this framework has given rise to the creation of bills that guide NIST to create guidelines that are easily accessible to small and medium-sized enterprises.

Sections of the NIST Cybersecurity Framework

NIST Sections

Identification ( Identify )

The identification function focuses on laying the foundation for an effective cybersecurity program . This function assists in developing an organizational understanding to manage cybersecurity risk for systems, people, assets, data and capabilities. To allow an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs, this function has emphasized the importance of understanding the business context, the resources that support critical functions, and related cybersecurity risks .

Essential activities in this section of NIST include:

Individuare le risorse fisiche e software per stabilire la base di un programma di gestione delle risorse
Definire l’ambiente di business dell’organizzazione, compreso il suo ruolo nella catena di fornitura
Scegliere le politiche di cybersecurity stabilite per definire il programma di governance e identificare i requisiti legali e normativi relativi alle capacità di cybersecurity dell’organizzazione
Identificare le vulnerabilità degli asset, le minacce alle risorse organizzative interne ed esterne e le attività di risposta al rischio per valutare il rischio
Stabilire una strategia di gestione del rischio, compresa l’identificazione della tolleranza al rischio
Produrre una strategia di gestione del rischio della catena di fornitura, comprese le priorità, i vincoli, le tolleranze di rischio e le ipotesi usate per sostenere le decisioni di rischio associate alla gestione dei rischi della catena di fornitura

Protection ( Protect )

NIST’s security function outlines appropriate safeguards to ensure the provision of critical infrastructure services. It also supports the ability to limit or contain the impact of a potential cybersecurity event.

Critical activities in this group include:

Implement protections for identity management and access control within the organization, including physical and remote access
Empower staff through security awareness training , including privileged and role-based user training
< strong> Establish data security protection consistent with the organization’s risk strategy to protect the confidentiality, integrity and availability of information
Implement processes and procedures to maintain and manage protection of systems information and resources
Protect organizational resources through maintenance, including remote maintenance activities
Manage technology for ensure the security and resilience of systems , in line with organizational policies, procedures and agreements

Detections ( Detect )

Detecting potential cybersecurity incidents is critical, and this Framework feature defines the appropriate activities to identify the occurrence of a cybersecurity event in a timely manner. Activities in this feature include:

Ensuring the detection of anomalies and events and understanding their potential impact
Implementing capabilities of continuous monitoring to monitor cybersecurity events and verify the effectiveness of security measures, including network and physical activities

Answers ( Respond )

NIST’s response function focuses on the appropriate activities to take action in the event of a detected cybersecurity incident and supports the ability to contain the impact of a potential cybersecurity incident.

Activities essential for this feature include:

Ensuring the execution of the response planning process during and after an incident
Managing communications with internal and external stakeholders during and after an Analyze l incident to Ensure effective response and support recovery activities, including forensic analysis and accident impact determination
Perform mitigation to prevent expanding an event and resolving the incident
Implement improvements by incorporating lessons learned from current and previous detection / response activities


The framework’s recovery function identifies the appropriate activities to renew and maintain resilience plans and to restore any capacity or service that has been compromised due to a cybersecurity incident. Timely recovery at normal operation is important to reduce the impact of an accident.

The essential activities for this function overlap somewhat with the replying activities and include:

Ensuring that your organization implements recovery planning processes and procedures to restore systems and / or assets affected by cybersecurity incidents
Implement based improvements on lessons learned and reviews of existing strategies
Internal and external communications are coordinated during and after recovery from a cybersecurity incident

Getting started with the NIST Cybersecurity Framework

Aligning with the framework means enumerating all your activities and labeling these items with one of these 5 function labels . For example, the Identify tag will be for tools that help you inventory your assets. Tools like Firewall will go into Protect . However, depending on their capabilities, you may also want to put them in Detect along with your SIEM . Incident response tools and playbooks go to Respond . Your backup and restore tools are part of Recover .

Once you have done this exercise, some of the sections may seem more empty than others and you may feel uncomfortable with the description of the corresponding function.

This is good, because now you can articulate what your cybersecurity program lacks.


In this article we have understood what the NIST Cybersecurity Framework is and how it is structured by analyzing some of its main sections and the elements that make up these sections.

However, our advice is to seek out a SaaS provider who can provide you with the tools to implement NIST efficiently without risk. Our SaaS solutions can help in this regard and we invite you to contact us to find out how our services can help your business in the area of cybersecurity.

Do not hesitate to contact us to find out more, we will answer all your questions.

Link utili:

Useful links:

importanza cyber threat intelligence cover

Estimated reading time: 5 minutes

In another article we have already talked about Cyber Threat Intelligence explaining what it is, how it works and its various types. Today, however, we will focus more on the importance of Cyber Threat Intelligence , deepening how it can be useful for companies to provide answers in the security field, containing risks and providing information that support incident response. & nbsp;

The importance of Cyber Threat Intelligence

In a world where technologies and cyber threats are constantly evolving, a company cannot afford to overlook the importance of Cyber Threat Intelligence. Every day on the web there are countless cyber attacks and data thefts to the detriment of companies and individuals. These large amounts of information are then cataloged and sold illegally on the Dark Web.

Hackers usually sell information on this part of the web because it guarantees them anonymity. In fact, unlike the traditional web, in order to access these virtual places, you must use a browser that masks your IP address. This complicates the authorities’ tracking of criminals and makes the dark web a completely anonymous place.

One of the objectives of the CTI is to monitor the information present in this large part of the web for analytical purposes. The aim is to prevent and limit the damage that this data could cause.

Monitoring the Dark Web and the Deep Web

importance cyber threat intelligence iceberg

Often, when we talk about the Deep Web and the Dark Web, we think that there are only and exclusively illegal activities, but that is not correct. There are also forums, blogs and websites that aim to disseminate information that is difficult to find on the traditional web.

Unfortunately, it is also true that criminals use this section of the network to sell all kinds of information . These include telephone numbers, email addresses, bank details, documents, passports, administrative login credentials for websites. There is practically everything.

This kind of information, in the hands of an attacker (or a competitor), could compromise the integrity of an entire company, its employees and its customers. The consequences of a data breach could also manifest themselves in the form of damage to the company’s reputation.

When a customer provides his personal data to a company, he expects them to be treated with the utmost respect. Customers may feel “betrayed” by the company that should have guaranteed them the security of their personal information.

A striking example was the data theft that occurred in 2019 against Facebook Inc. ( Source )
533 million personal data belonging to users of the platform are been stolen, divided by 106 countries and distributed for free on the web, bringing the company back to the center of controversy.

importance cyber threat intelligence facebook

Companies looking to protect their customer, supplier and employee data invest in analytics and monitoring tools.

By relying on professionals, it is possible to promptly receive a notice whenever sensitive information is published on a forum or website on the Dark Web. For this reason the importance of Cyber Threat Intelligence plays a key role in the business cybersecurity branch.

Monitoring the Dark Web therefore means having the possibility of being able to promptly detect any sensitive information before it can cause problems for companies.

Tools for monitoring the Dark Web

Being a portion of the internet that is difficult to access and not indexed by search engines, analyzing and monitoring resources on the Deep Web becomes more complicated. For this reason, we are helped by various tools designed with the aim of simplifying the investigation and analysis process.

One piece of software that could help you during an investigation is Onionscan, a completely free Open Source program.

The Onionscan project and the CTI

The Onionscan project has two objectives:

– Helping operators find and solve operational security problems
– Help researchers monitor and track sites on the Deep Web

The software can be downloaded from the dedicated Github page, which also contains an installation guide and a list of dependencies required to run the software.

Once installed, to use it, simply type in the command line:

onionscan websitename.onion

Of course, just accessing a tool like this isn’t enough to provide effective coverage. In fact, the importance of Cyber Threat Intelligence lies largely in knowing how to perform searches and interpret data.


We have seen what a Dark Web monitoring activity is and how it works and above all we have begun to understand the importance of Cyber Threat Intelligence.

Investing in these solutions guarantees additional security for the company. Securing the data of its customers and employees cannot be optional, every company should be sensitive to these issues and invest their resources to prevent unpleasant situations.

SOD offers a dedicated service which aims to provide valuable CTI information for proactive defense and resolution of critical issues before they become real problems.

If you need further information, do not hesitate to contact us, we are ready to answer all your questions.

Link utili: