Organisations and government departments worldwide use the framework to engender a continuous process starting with identifying assets, applying protection to those assets and monitoring for attacks against them. Finally, the framework suggests how we need to plan our response and rehearse our recovery.
Not only does the NIST CSF help to establish essential continuous security processes, it also significantly helps to define the remit of cyber security within the organisation. This leads to clear responsibility and accuracy in terms of budgets and ROI, and introduces a measurable operational environment in a constantly evolving and expanding threat landscape.
The framework itself is made up of 5 functions: Identify, Protect, Detect, Respond and Recover.
The functions are further broken down into 23 categories and underneath those categories are 108 sub-categories.
Such a functional structure makes auditing an organisation's security simpler and can ensure that budgets are applied proportionately.
The functions of the framework take place in a logical order, enabling your security approach to use the Identify function as the foundation for your organisation's security posture and, in turn, the Protect function as the initial phase of defensive measures. The two functions of Identify and Protect can be followed iteratively: first gaining visibility of your assets, then defining the risks and impact against these assets, and then applying a programme of defences that includes policy, process and technology. The NIST CSF maps very closely to the 2017 NIS Directive (now the NIS Regulations), the first version of which the UK government published in order to guide suppliers of essential services to the Critical National Infrastructure.
IP-Performance recently ran 2 virtual cyber breach response workshops for Elmbridge Borough Council and we cannot recommend them highly enough. As well as lots of practical resources & templates to take away, the second day culminates with a simulation which brings a cyberattack to life. It's highly interactive, slightly stressful, but most importantly really makes you think! There's a definite buzz around cyber at Elmbridge now thanks to Phil and team.
Nikki Benge, ICT Business Manager, Elmbridge Borough Council