An Introduction to the NIST Cybersecurity Framework (part 1)
INTRODUCTION
Cybersecurity is crucial as data keeps growing and becomes more valuable every single year. A significant portion of an organization’s data is often sensitive information of their customers, business strategy or financial information that could badly affect the business of the company if those data were breached. Even though most organizations have a dedicated team of cybersecurity professionals to prevent cyber-attacks, we still see a great number of high-profile organizations from which data was stolen or were compromised otherwise.
Solely depending on a team of professionals working on preventing cyber-attacks would not be effective as it requires a collective effort from the entire organization. What is needed is a framework that underpins a system or concept at the core of the organization so that every working component such as people, processes, and technologies can be designed to act as one to improve the overall cybersecurity capabilities of the organization. A cybersecurity framework is a system of guidelines, standards and best practices to manage cyber threats or risks. It provides a systematic way to mitigate cyber risk no matter how complex the environment might be.
CYBERSECURITY FRAMEWORK
The NIST Cybersecurity Framework is one of the most widely adopted frameworks globally. The framework is introduced by the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) in February 2014 [1]. The framework was initially focused on NIST’s own critical infrastructure but today it is being adopted by many organizations. In fact, according to the research company Gartner in 2015, 30% of U.S. organizations use the NIST Framework and it was predicted that the number will rise to 50% by the end of 2020. Internationally the framework has been adopted in over 27 countries, and Japan and Australia have made NCSF central to its Government programs.
The reason NIST Cybersecurity Framework is widely adopted is that it allows an organization to view cybersecurity holistically. The framework in general covers five critical functions of cybersecurity and the definitions for each function are stated below:
- Identify: It highlights the importance to “develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities”. The focus is on the organization, and how it relates to cybersecurity risk while taking into account the organization’s resources.
- Protect: “Develop and implement the appropriate safeguards to ensure the delivery of critical infrastructure services”. This function focuses on the crucial elements and actions that an organization needs to consider to help protect itself from cyber-related risks.
- Detect: “Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event”. Despite the organization’s best efforts in preventing cyberattacks, there’s still always a chance that it can occur. This function enables the organization to discover these threats in a timely manner.
- Respond: “Develop and implement the appropriate activities when facing a detected cybersecurity event”. Being able to detect threats in a timely manner wouldn’t bring any good if the organization is not able to respond to the threats rapidly and effectively. This function provides knowledge on how to design and implement processes or guidelines to follow when a threat is detected.
- Recover: “Develop and implement the appropriate activities for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event”. The recovery function is also very crucial as most businesses now are highly dependent on their digital assets in order to operate. A data breach could severely impact the operations of the business if the recovery process is not well executed.
NIST Cybersecurity Framework’s 5 Functions and Categories [2]
The framework covers the five important areas of cybersecurity providing the guideline or concept that any organization can implement to be equipped to respond effectively to cyberattacks, which is why it is widely considered to be the gold-standard for building a holistic cybersecurity program. To find out more about the NIST CS Framework, please sign up for Cybiant’s newsletter here or visit Cybiant’s knowledge centre. In the next article, we will share about the NIST Cybersecurity Framework Tiers and how an organization can benchmark or assess its cybersecurity capabilities.
