What is the NIST Cyber Security Framework?

The NIST cyber security framework is a necessary tool that helps businesses strengthen their cybersecurity programs.  It provides best practice guidelines that help businesses improve their cyber security posture by providing recommendations and standards that better prepare a business for a cyber attack.  From identifying and detecting cyberattacks to responding, preventing and recovering from an incident.

Developed by the National Institute of Standards and Technology (NIST), this cybersecurity framework provides a common set of standards for businesses to use.  It is considered to be the gold standard for building your cyber security program.  No matter what stage of cyber security your business is at the NIST framework will provide a security management tool to help your business manage cyber risk across your business.

Advantages of the NIST Cyber Security Framework

In general, a cyber security framework is a voluntary paradigm, not a mandatory set of benchmarks. It provides organisations with a systematic implementation methodology and guidance based on proven cyber security data and best practices. It usually complements an organisation’s existing cyber security and risk management program.

By speaking a common ‘language’ of security risks, adversarial behaviours and recommended mitigation strategies, a cyber security framework enables organisations to identify, understand, manage and reduce risks. This language is usually easy to understand, and provides the relevant context that simplifies application in a practical, real-world setting.

The framework can also foster end-to-end, top-to-bottom cyber security communications amongst internal and external stakeholders about the organisation’s business objectives; risk profile, appetite and gaps, risk mitigation opportunities, strategies and priorities; required resources; and even budget.

5 core functions of the NIST cyber security framework

A versatile, tested and customisable cyber security framework is relevant and useful to organisations of all sizes, sectors and maturities. Ideally, organisations should choose a framework that includes multiple functions to cover every aspect of their risk management program. This will enable them to minimise risk to their infrastructure so they can meet critical business goals around innovation, efficiency, profitability, and customer privacy.

A cyber security framework should include these 5 key functions:

1. Identify

The Identify function provides the necessary tools, guidelines and best practices to provide organisations with an understanding of cyber security risk to their assets, capabilities, data and people. A thorough understanding of its own assets, business environment, policies, vulnerabilities and risk tolerances also enables an organisation to focus and prioritise its risk management and cyber security efforts in the short, medium and long term.

2. Protect

The second function should focus on protecting the assets, data and people. It involves implementing appropriate safeguards to protect critical infrastructure, ensure their resilience, and ensure the uninterrupted delivery of business services. These safeguards include Identity and Access Management (IAM), staff awareness training, and processes around information security, data security and remote maintenance. Equally important, the Protect function also includes guidelines and processes to limit potential cyber security events, and contain their impact if they do occur.

3. Detect

This Detect function defines how an organisation can identify a cyber security event. This is therefore key to taking action that mitigates its impact. Here, the organisation should implement processes to discover and identify (and where required, categorise) anomalies and outliers, while also understanding their potential impact. It’s also important to implement continuous security monitoring. Firstly to ensure that detection happens consistently and without interruptions, and secondaly, to verify the effectiveness of current protective measures.

4. Respond

A framework that effectively identifies and detects anomalous events, but fails to respond to them appropriately or on time, is inadequate. The Respond function includes the activities required to take action in case of a cyber security event. This is therefore designed to contain its impact. These activities include response planning and execution, event analysis, communications with internal and external stakeholders, event mitigation, and ongoing learning and improvements.

5. Recover

Since a cyber security framework is a set of recommendations, not a prescriptive or foolproof solution, it cannot guarantee complete cyber security. A quick Google search for ‘recent cyber security events’ will prove the need for cyber security that’s proactive and ongoing. And this is what a framework provides. It also provides ideas on what an organisation can do if it is the victim of a cyber event. It supports timely recovery to restore processes, systems and assets, and thus reduce an event’s impact. In the long term, the Recover function also identifies the activities that can promote organisational resilience. This is attained through robust communications, planning, reviews and training.

Cyber security is ultimately a continuous process. As outlined by NIST, a robust cyber security framework therefore provides the guidance that businesses need to stay safe from malicious attackers.

How safe is your organisation in today’s cyber-centric landscape? Kaine Mathrick Tech can help you understand your IT environment, and uncover your network and security risks. With this clear view of your risk profile, you can take the steps needed to strengthen your cyber security. Get in touch, for a FREE Cyber Security Risk Assessment, and learn the cyber strengths and weaknesses of your business.

It is recommended that you begin the NIST framework alignment of your cyber security program by focusing first on the Identify phase.  The Identify phase is the foundation and developing an accurate IT asset inventory, and understanding critical assets.

The Identify phase is concerned with discovering vulnerabilities and attackers can exploit.  Once you have implemented the Identify phase, you can work on implementing the Protect and Detect functions.

No matter how good your programs are it is inevitable, so it is important to ensure you have a way to restore your systems as quickly as possible.  Respond and Recover are the essential recovery phases of the NIST framework.