The NIST Cyber Security Framework (CSF) has 5 primary functions; Identify, Protect, Detect, Respond and Recover.
The identify function is an essential starting point for your security journey. Elements of the identify function include asset management, business environment, governance, risk assessment and finally risk management strategy.
Naturally, asset management is a vital category under the identify function and a typical starting point for most security leaders. If you don’t know something is there, you can’t possibly protect it. Visibility includes knowing your users, the applications they use and the devices on which they run them.
Asset management also involves you being aware of your network infrastructure, remote connections and interconnected suppliers and services. Visibility of all assets, physical and logical, ensures that we can consider the associated business risks.
Your business environment reflects your understanding of your business and how it operates. Looking at security in isolation is not effective, it must be in terms of your business operations.
Under the governance category heading we see the processes and policies of your organisation as well as general security operations being addressed.
Your risk management strategy is key to defining how you approach risk and how you handle the constantly evolving threat landscape. Risk assessment and assurance are addressed here with treatment plans, risk registers and a record of any impacts.
Supply chain management is partially addressed by asset management but also mainly under the governance and business environment categories of the NIST CSF.
To learn more and speak to our expert team, please complete the below and we’ll be in touch:
IP Performance enabled us to trial the system in a test environment and then between Dubai and Edinburgh. They provided us with full support and fast response to any problems.
Gavin Wilson, Systems Development Manager, Heriot Watt University
