The NIST Cybersecurity Framework is a set of guidelines developed to reduce cybersecurity risks. Lists specific activities associated with IT security risk management based on existing standards and guidelines. It is one of the most popular frameworks dedicated to cybersecurity and d is widely used because it helps in the aspect of risk management.
Written by the National Institute of Standards and Technology (NIST), this framework from cybersecurity addresses the lack of standards when it comes to cybersecurity. In fact, provides a uniform set of rules, guidelines and standards for organizations to use across industries . The NIST Cybersecurity Framework (sometimes abbreviated NIST CSF ) is widely regarded as the gold-standard for building a cybersecurity program.
Whether you are just starting to establish a cybersecurity program or are already running a fairly mature program, the framework can provide added value. Acts as a high-level security management tool that helps assess cybersecurity risk across the organization.
The structure of the NIST Cybersecurity Framework
The NIST Cybersecurity Framework is mainly structured in three parts:
Core: contains a series of activities, results and references on aspects and approaches related to cyber security.
Implementation Tiers: is a classification system that helps organizations to clarify the aspects dedicated to IT security risk management.
Profile: in essence it is the list of results that an organization has chosen, based on its needs, from categories and sub-categories of the structure.
Functions and categories of cybersecurity activities
The NIST Core can be divided into 5 sections, which in turn are divided into 23 categories. For each category a series of sub-categories is defined, for a total of 108 sub-categories. categories. Each sub-category provides Information Resources that refer to specific sections of other security standards, such as ISO 27001 , COBIT, NIST SP 800-53, ANSI / ISA and CCS CSC.
The complexity of this framework has given rise to the creation of bills that guide NIST to create guidelines that are easily accessible to small and medium-sized enterprises.
Sections of the NIST Cybersecurity Framework
Identification ( Identify )
The identification function focuses on laying the foundation for an effective cybersecurity program . This function assists in developing an organizational understanding to manage cybersecurity risk for systems, people, assets, data and capabilities. To allow an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs, this function has emphasized the importance of understanding the business context, the resources that support critical functions, and related cybersecurity risks .
Essential activities in this section of NIST include:
Individuare le risorse fisiche e software per stabilire la base di un programma di gestione delle risorse
Definire l’ambiente di business dell’organizzazione, compreso il suo ruolo nella catena di fornitura
Scegliere le politiche di cybersecurity stabilite per definire il programma di governance e identificare i requisiti legali e normativi relativi alle capacità di cybersecurity dell’organizzazione
Identificare le vulnerabilità degli asset, le minacce alle risorse organizzative interne ed esterne e le attività di risposta al rischio per valutare il rischio
Stabilire una strategia di gestione del rischio, compresa l’identificazione della tolleranza al rischio
Produrre una strategia di gestione del rischio della catena di fornitura, comprese le priorità, i vincoli, le tolleranze di rischio e le ipotesi usate per sostenere le decisioni di rischio associate alla gestione dei rischi della catena di fornitura
Protection ( Protect )
NIST’s security function outlines appropriate safeguards to ensure the provision of critical infrastructure services. It also supports the ability to limit or contain the impact of a potential cybersecurity event.
Critical activities in this group include:
Implement protections for identity management and access control within the organization, including physical and remote access
Empower staff through security awareness training , including privileged and role-based user training
< strong> Establish data security protection consistent with the organization’s risk strategy to protect the confidentiality, integrity and availability of information
Implement processes and procedures to maintain and manage protection of systems information and resources
Protect organizational resources through maintenance, including remote maintenance activities
Manage technology for ensure the security and resilience of systems , in line with organizational policies, procedures and agreements
Detections ( Detect )
Detecting potential cybersecurity incidents is critical, and this Framework feature defines the appropriate activities to identify the occurrence of a cybersecurity event in a timely manner. Activities in this feature include:
Ensuring the detection of anomalies and events and understanding their potential impact
Implementing capabilities of continuous monitoring to monitor cybersecurity events and verify the effectiveness of security measures, including network and physical activities
Answers ( Respond )
NIST’s response function focuses on the appropriate activities to take action in the event of a detected cybersecurity incident and supports the ability to contain the impact of a potential cybersecurity incident.
Activities essential for this feature include:
Ensuring the execution of the response planning process during and after an incident
Managing communications with internal and external stakeholders during and after an Analyze l incident to Ensure effective response and support recovery activities, including forensic analysis and accident impact determination
Perform mitigation to prevent expanding an event and resolving the incident
Implement improvements by incorporating lessons learned from current and previous detection / response activities
The framework’s recovery function identifies the appropriate activities to renew and maintain resilience plans and to restore any capacity or service that has been compromised due to a cybersecurity incident. Timely recovery at normal operation is important to reduce the impact of an accident.
The essential activities for this function overlap somewhat with the replying activities and include:
Ensuring that your organization implements recovery planning processes and procedures to restore systems and / or assets affected by cybersecurity incidents
Implement based improvements on lessons learned and reviews of existing strategies
Internal and external communications are coordinated during and after recovery from a cybersecurity incident
Getting started with the NIST Cybersecurity Framework
Aligning with the framework means enumerating all your activities and labeling these items with one of these 5 function labels . For example, the Identify tag will be for tools that help you inventory your assets. Tools like Firewall will go into Protect . However, depending on their capabilities, you may also want to put them in Detect along with your SIEM . Incident response tools and playbooks go to Respond . Your backup and restore tools are part of Recover .
Once you have done this exercise, some of the sections may seem more empty than others and you may feel uncomfortable with the description of the corresponding function.
This is good, because now you can articulate what your cybersecurity program lacks.
In this article we have understood what the NIST Cybersecurity Framework is and how it is structured by analyzing some of its main sections and the elements that make up these sections.
However, our advice is to seek out a SaaS provider who can provide you with the tools to implement NIST efficiently without risk. Our SaaS solutions can help in this regard and we invite you to contact us to find out how our services can help your business in the area of cybersecurity.
Do not hesitate to contact us to find out more, we will answer all your questions.
Estimated reading time: 5 minutes With the advent of big data platforms, IT security companies can now make guid… https://t.co/aTv41eq2Ir
Estimated reading time: 5 minutes Ogni anno cresce costantemente il numero di attacchi che minacciano la sicurezz… https://t.co/e1g9VBSYq9
Estimated reading time: 5 minutes Every year the number of attacks that threaten the security of devices, comput… https://t.co/MnoEKRNMwk
Estimated reading time: 7 minutes Il vishing è una particolare tipologia di phishing che sfrutta la tecnologia Vo… https://t.co/q9OO03jSHj
Estimated reading time: 5 minutes Come abbiamo già affrontato precedentemente negli scorsi articoli, i ransomware… https://t.co/O8xUUJocYc