Any organization can incorporate these core functions into their cybersecurity programs. These functions provide high-level cyber risk management for an organization.
NIST (National Institute of Standards and Technology) Framework
The NIST cybersecurity framework built by NIST using existing standards, guidelines and practices to help organizations to manage and reduce cybersecurity risks. The five core cybersecurity functions are defined and organized in this NIST framework.
These five functions help organization to provide strategic view of the cybersecurity risk management.
Identify
If you don’t know what you have, you cannot protect. Take a complete inventory of all critical resources like your system, data, capabilities and including critical people. By doing this will help you prioritize the steps to protect them.
Protect
Once you have identified, develop and implement security measures to mitigate or prevent critical business functions. This approach involves increase cybersecurity awareness and training all employees about online safety practices. Also, implement software and protective technology to mitigate any risks.
Detect
Look for suspicious activity before they have an adverse impact. Organization should implement continuous monitoring system to detect any cybersecurity events. There are many tools are available, like antivirus software, email spam detection and so on.
Respond
This function includes communication, planning, and mitigating measures. If an organization never had a security breach doesn’t mean they are immune to cybersecurity events no matter how powerful protection they have. Also, analyzing the effectiveness of response activities.
Recover
Develop activities and maintain plans to restore business capabilities or services that were affected because of a cybersecurity event. This should include plans to get back to normal business activities after a cybersecurity event.