Governance Risk and Compliance
What Is NIST?
The NIST Cybersecurity Framework is a set of guidelines for mitigating organisational cybersecurity risks, published by the US National Institute of Standards and Technology (NIST).
The framework is based on existing standards, guidelines, and best practices.
The Framework is designed for individual businesses and other organisations to assess risks they face.
The NIST Cybersecurity Framework takes a generalised and high-level approach to security best practices, outlining key concepts and processes to consider when designing a robust security practice, regardless of the type of organisation implementing the guidance.
NIST’s goal with the Cybersecurity Framework is to help organisations determine what processes and controls are most relevant to their unique challenges, and how best to implement and test the efficacy of the security measures they put in place.
The Framework doesn’t list tables of security controls; instead, it classifies its key points into 5 areas that comprise the Framework Core.
5 Areas Of NIST
There are five key areas within the NIST Cybersecurity Framework.
These are: Identify, Protect, Detect, Respond, and Recover.
Within these five areas, NIST provides industry-agnostic guidance to help organisations achieve ideal security-related levels of competence and compliance.
The first function of the framework, NIST defines the Identify function as calling on the need to “develop the organisational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.” The focus is on the business and how it relates to cybersecurity risk, especially taking into account the resources at hand. The outcome categories associated with this function, for example, are:
- Asset Management
- Business Environment
- Risk Assessment
- Risk Management Strategy
The NIST Identify function lays the groundwork for your organisation’s cybersecurity actions moving forward. Determining what exists, what risks are associated with those environments, and how it relates to your business goals is crucial to success with the Framework.
Successful implementation of the Identify function leads organisations to grasp all assets and environments apart of the enterprise, defining the current and desired states of controls to protect those assets and a plan to go from current to desired states of security. The result is a clearly defined state of an organisation’s cybersecurity posture articulated to both technical and business-side stakeholders.
The NIST Framework key functions are to help organisations improve their cybersecurity risk management. This is achieved through the organisation of information, controlled sharing of sensitive information, the enabling of cybersecurity risk management decisions, addressing threats, and improving by learning from previous activities.
The Protect function of the Framework Core is essential because its purpose is to develop and implement appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. According to NIST, examples of outcome categories within this Function include Identity Management and Access Control, Awareness and Training, Data Security, Information Security Protection Processes and Procedures, Maintenance, and Protective Technology.
Where Identify focuses primarily on baselining and monitoring, Protect is when the Framework becomes more proactive. The manifestation of these categories and the Protect function as a whole is seen with multi-factor authentication practices to control access to assets and environments and employee training to reduce the risk of accidents and socially engineered breaches.
With breaches becoming increasingly common, employing proper protocols and policies to reduce a breach’s risk is becoming especially crucial. The framework’s Protect function is the guide and dictates the necessary outcomes to achieve that goal.
The Detect function requires the development and implementation of the appropriate activities to recognise the occurrence of a cybersecurity event.
Examples of outcome categories within this Function include Anomalies and Events; Security Continuous Monitoring; and Detection Processes.
The Detect function of the Framework Core is a critical step to a robust cyber program – the faster a cyber event is detected, the faster the repercussions can be mitigated.
Examples of how to accomplish steps towards a specific Detect function:
- Anomalies & Events:
Prepare your team to have the knowledge to collect and analyse data from multiple points to detect a cybersecurity event.
- Security & Continuous Monitoring:
Make your team monitor your assets 24/7 or consider using an MSS to supplement.
- Detection Processes: Attempt to know about a breach as soon as possible and follow disclosure requirements as needed. Your program should be able to detect inappropriate access to your data as quickly as possible.
Detecting a breach or event can be critical for your organisation, making the Detect function of the Cybersecurity Framework critical to both security and business success. Following these standards and best practices and implementing these solutions will help you scale your program and mitigate cybersecurity risk.
NIST defines the Respond function as “Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.”
The Respond Function supports the ability to contain the impact of a potential cybersecurity incident. Examples of outcome categories within this Function include Response Planning, Communications, Analysis, Mitigation, and Improvements.
The Respond function employs response planning, analysis, and mitigation activities to ensure that the cybersecurity program is continuously improving.
Starting with an incident response plan is a vital first step to adopting the Respond function – ensuring compliance with necessary reporting requirements encrypted and transmitted securely for a given location and industry. An excellent next step is a mitigation plan – what are the steps your team will take to remediate identified risks to your program and organisation?
The Framework Core then identifies underlying key categories and Subcategories for each Function and matches them with example Informative References such as existing standards, guidelines, and practices for each Subcategory (NIST).
According to the NIST framework, Recover is defined as the need to “develop and implement the appropriate activities to maintain plans for resilience and restore any impaired capabilities or services due to a cybersecurity event.”
The Recover Function supports timely recovery to normal operations to reduce the impact of a cybersecurity event. Examples of outcomes for this Framework’s Core function include Recovery Planning, Improvements, and Communications.
NIST CSF Recover includes these areas:
- Recovery Planning:
Recovery procedures are tested, executed, and maintained so that your program can mitigate the effects of an event sooner rather than later.
Recovery planning and processes are improved when events happen, and areas for improvement are identified and solutions put together.
Coordinate internally and externally for greater organisation, thorough planning, and execution.
The Recover function is essential not only in the eyes of the business and security team but also in that of customers and the market. Rapid recovery puts businesses in much better positions internally and externally than those with limited plans. Aligning a recovery plan will help ensure that, if a breach occurs, the company can stay on track to achieve the necessary goals and objectives and implement the important lessons learned.
Implementing the NIST Framework Core
The framework consists of three key components, core, tiers and profile:
The framework implementation tiers provide context on how an organisation manages risk. There are four tiers in total, with one being the lowest. Organisations on the first tier have yet to implement any of the cybersecurity management techniques outlined in the framework core.
The framework profiles refer to the alignment of an organisation’s operational priorities with its cybersecurity protocols. These profiles help identify and prioritise opportunities for improvement. As such, they constantly evolve to adapt to the changing threat landscape.
Allows organisations to build from a strong foundation to achieve compliance with new regulations as they emerge.
Please complete the form below to find out more.
What Our Clients Say
“CyberWhite have been a pleasure to deal with by repeatedly demonstrating their professionalism and technical knowledge throughout the procurement process and execution of our project. From initially exploring our goals to a consultant working with us on-site and remotely, we’ve enjoyed a positive experience that has ultimately benefited our organisation and helped to improve our Cyber Security posture.”
“I would like to say a thousand “thank you’s” to CyberWhite after rescuing us from the commercial disaster we faced after being subjected to a very sophisticated fraud. Without the timely involvement and expertise from CyberWhite, we would undoubtedly have faced catastrophic consequences including a significant financial loss and possibly a forced closure of the business. We will always remember the kindness and professional approach taken by the CyberWhite team. They were able to successfully recover the critical data which was the life blood of our business. This expertise has allowed us to continue trading and provided us with the additional benefits of ensuring that we are more cyber risk aware and we now have a security partner to support us.”
“As an Operator of Essential Services, PX Group comply with advice provided by recognised security bodies such as NCSC. The advice is relevant to all organisations who provide infrastructure or support to the UK’s critical national infrastructure. PX Group engaged CyberWhite to undertake Third Party Security Audits (aligned to ISO28000:2007) against key suppliers who had access to information assets within the PX Group domain. CyberWhite created a comprehensive audit document set and supported this with interviews and visits in order to validate responses. The output from CyberWhite was comprehensive and provided security assurance to PX Groups stakeholders and interested parties that the key suppliers had a focus on security and understood and could demonstrate best practices in relation to the handling of PX Groups information assets. This process has been invaluable in validating what we believed and providing a platform from which we will continue to assess, review and benchmark all parties in our information supply chain.”