The 5 Core Functions identified by NIST give us a strategic view of the risk management life cycle for an organization’s IT security and should be taken as a reference milestone. Here is how to comply with the 5 Functions:
1 Identify
Organizations must develop an understanding of their environment to manage cybersecurity risk to systems, assets, data and capabilities. To comply with this Function, it is essential to have full visibility into our digital and physical assets and their interconnections, define roles and responsibilities, understand our current risks and exposure, and put policies and procedures into place to manage those risks.
2 Protect
Organizations must develop and implement the appropriate safeguards to limit or contain the impact of a potential cybersecurity event. To comply, our organization must control access to digital and physical assets, provide awareness education and training, put processes into place to secure data, maintain baselines of network configuration and operations to repair system components in a timely manner, and deploy protective technology to ensure cyber resilience.
3 Detect
Organizations must implement the appropriate measures to quickly identify cybersecurity events. The adoption of continuous monitoring solutions that detect anomalous activity and other threats to operational continuity is required to comply with this Function. Our organization must have visibility into its networks to anticipate a cyber incident and have all information at hand to respond to one. Continuous monitoring and threat hunting are very effective ways to analyze and prevent cyber incidents in industrial control system (ICS) networks.
4 Respond
Should a cyber incident occur, organizations must have the ability to contain the impact. To comply, our organization must craft a response plan, define communication lines among the appropriate parties, collect and analyze information about the event, perform all required activities to eradicate the incident, and incorporate lessons learned into revised response strategies.
5 Recover
Organizations must develop and implement effective activities to restore any capabilities or services that were impaired due to a cybersecurity event. Our organization must have a recovery plan in place, be able to coordinate restoration activities with external parties and incorporate lessons learned into our updated recovery strategy. Defining a prioritized list of action points which can be used to undertake recovery activity is critical for a timely recovery.