The Five Functions of the Cybersecurity Framework
July 2018
[email protected]

The Five Functions

- Highest level of abstraction in the core
- Represent five key pillars of a successful and holistic cybersecurity program
- Aid organizations in expressing their management of cybersecurity risk at a high level

The Identify Function

The Identify Function assists in developing an organizational understanding of managing cybersecurity risk to systems, people, assets, data, and capabilities.

Example Outcomes:
- Identifying physical and software assets to establish an Asset Management program
- Identifying cybersecurity policies to define a Governance program
- Identifying a Risk Management Strategy for the organization

The Protect Function

The Protect Function supports the ability to limit or contain the impact of potential cybersecurity events and outlines safeguards for delivery of critical services.

Example Outcomes:
- Establishing Data Security protection to protect the confidentiality, integrity, and availability
- Managing Protective Technology to ensure the security and resilience of systems and assets
- Empowering staff within the organization through Awareness and Training

The Detect Function

The Detect Function defines the appropriate activities to identify the occurrence of a cybersecurity event in a timely manner.

Example Outcomes:
- Implementing Security Continuous Monitoring capabilities to monitor cybersecurity events
- Ensuring Anomalies and Events are detected, and their potential impact is understood
- Verifying the effectiveness of protective measures

The Respond Function

The Respond Function includes appropriate activities to take action regarding a detected cybersecurity incident to minimize impact.

Example Outcomes:
- Ensuring Response Planning processes are executed during and after an incident
- Managing Communications during and after an event
- Analyzing effectiveness of response activities

The Recover Function

The Recover Function identifies appropriate activities to maintain plans for resilience and to restore services impaired during cybersecurity incidents.

Example Outcomes:
- Ensuring the organization implements Recovery Planning processes and procedures
- Implementing improvements based on lessons learned
- Coordinating communications during recovery activities

Resources

Where to Learn More and Stay Current
- Framework for Improving Critical Infrastructure Cybersecurity and related news, information: www.nist.gov/cyberframework
- Additional cybersecurity resources: http://csrc.nist.gov/
- Questions, comments, ideas: [email protected]