Explaining the NIST Cybersecurity Framework
The NIST Cybersecurity Framework gives organizations a 5-point structure for improving their cybersecurity posture. While it is not a regulation, it is widely considered best practice, and as such it offers organizations a practical way to take charge of their cybersecurity strategy. By using the NIST Cybersecurity Framework, organizations can assess their exposure, evaluate their existing cybersecurity measures, and reduce risk. So what does the framework entail, and how can each of the 5 points improve cybersecurity?
What is the NIST Cybersecurity Framework?
The NIST Cybersecurity Framework was first developed in 2014 with the goal of helping organizations become proactive about managing their risk.
One-third of IT organizations surveyed in the 2016 Tenable Trends in Security Framework Adoption Survey reported using the NIST Cybersecurity Framework for cybersecurity planning, and the majority of those using the framework expressly did so because of its reputation as a best practice.
The NIST Cybersecurity Framework includes a core of activities and references that suggest best-practice approaches to different aspects of cybersecurity. Implementation tiers, ranging from partial to adaptive, help an organization perform a self-assessment of its cybersecurity risk and mitigation strategies. The tiers help stakeholders understand how the organization compares to its peers and see where improvements are needed.
The framework encourages organizations to develop a current profile describing how well their data is protected today, then choose the tier they want to reach. Comparing the current profile with the target profile reveals the gaps; a road map of actionable steps, organized around the five points of the NIST Cybersecurity Framework, then closes those gaps. The tiers provide a way to measure the improvement.
Benchmarking with profiles lets organizations identify where the most direct improvements can be made. As their position improves, they close the distance between tiers. Meanwhile, the current and target profiles help the organization connect its business requirements, risk tolerance, and resources to the cybersecurity plan, so that everyone understands what must happen to protect it.
The 5 Points of the NIST Cybersecurity Framework
The first point, identify, requires that organizations understand their environment fully so they can manage cybersecurity risks at the data, asset, and systems levels. To meet this aspect of the framework, organizations must thoroughly inventory and identify their assets. It is not enough to know what assets the organization owns; you must understand how the different pieces are connected and what roles and responsibilities employees have regarding data.
Only once you have a full and accurate picture of these risks can you determine how well your current cybersecurity policies protect your organization, and where they fall short. It is no wonder that protect is the second point of the NIST Cybersecurity Framework.
Organizations need to implement appropriate safeguards to limit the impact of a cyber threat. This does not mean preventing every possible threat, but rather containing the fallout when one occurs. How an organization meets this aspect of the framework varies; however, typical duties include:
- Access control over physical and digital assets
- Employee awareness training
- Data management processes
- Deploying protective technology to deter threats
- Repairing system components on a regular basis
The third point is detect, and here speed matters. Under the framework, organizations should implement appropriate measures to uncover cybersecurity events quickly and take the right actions. Continuous monitoring and threat hunting help teams notice unusual activity and spot cyber threats early.
When your data is organized and your team is prepared to respond to a cyber attack, you can act early in an incident rather than after the damage is done.
While you hope to avoid a cyber attack through prevention, you must be prepared to respond if one does occur. Response is therefore the fourth point of the NIST Cybersecurity Framework.
Your organization needs to create a response plan, delineate a chain of command among the appropriate individuals, collect information as the attack proceeds, decide on your response, and quickly put the appropriate plan in place to eradicate the threat.
After the event, you must review what happened. What worked and what didn’t work? How can you incorporate lessons learned into your response toolkit to be better prepared the next time?
Organizations should always strive to improve their cybersecurity posture, and the final point of the NIST Cybersecurity Framework, recovery, addresses this.
The top priority is getting back to business. This means recovering data that was lost, restoring capabilities that were impaired, and ensuring everything is as it should be. To streamline the recovery, develop a plan before you need it. Then employees can coordinate in-house and external deliverables to get the systems running again.
Many organizations find it helpful to prioritize their recovery tasks as a ranked list of action points. During the recovery, they work from the highest priority down the list to accomplish tasks quickly.
After the systems are running again, your organization should review what happened and take note of important lessons learned in the recovery. The recovery plan should be updated to reflect what you’ve learned.
Gain Peace of Mind About Your Cybersecurity
Knowing more about the NIST Cybersecurity Framework, you can review your organization's posture with a critical eye and make changes that deliver stronger protection from cyber threats, along with the peace of mind that you are doing everything in your power to deter them.
Let I.S. Partners assist you with IT assurance. We offer cybersecurity assessments modeled on the NIST Cybersecurity Framework. These assessments help you move from a reactive posture to a proactive one, where employees feel empowered to step in when an attack occurs. Proactive organizations adapt to day-to-day changes and rise to crisis situations to protect critical assets.
When your organization has the knowledge and skills to adapt to changing cyber threats, stay on top of its infrastructure, and keep track of trends, you can be future-ready. Call us at 215-675-1400, request a quote, or launch a live chat to get an estimate.