Develop and implement appropriate activities to identify the occurrence of a cybersecurity event
The National Institute of Standards and Technology’s Cybersecurity Framework, or NIST CSF, was first published in 2014 to provide guidance for organizational cybersecurity defenses and risk management. This framework is renowned for its inherent flexibility and open-endedness to account for different organizational needs.
At its center, NIST CSF is comprised of five core functions. This article details the third of these functions, Detect: it reviews the Framework’s five core functions, explains what the Detect function is, and walks through the function’s outcome categories and subcategory activities.

What is the NIST CSF framework core?
The Framework core is a set of recommended activities designed to achieve certain cybersecurity outcomes. It serves as guidance and is not intended to be a checklist. The Framework core is composed of five functions that work together to achieve those outcomes. These functions are: Identify, Protect, Detect, Respond and Recover.
What is the Detect function?
Just as many experts have compared the previous functions to the foundation and frame of a house, the Detect function has been affectionately compared to a homeowner stocking the house with devices that detect or warn of danger, such as smoke detectors and home alarm systems. NIST defines the Detect function as “(to) develop and implement appropriate activities to identify the occurrence of a cybersecurity event.” The focus of the Detect function is the organization’s ability to discover cybersecurity events in a timely manner. Timeliness is emphasized because the longer an attack carries on, the more likely it is that data loss and other damage will be inflicted on the organization’s systems, information and overall environment.

Outcome categories and subcategory activities
Each Framework function is composed of outcome categories that describe the kinds of processes and tasks organizations should carry out for that function. Outcome categories are in turn composed of subcategory activities. The Detect function contains three outcome categories: Anomalies and Events, Detection Processes and Security Continuous Monitoring. These outcome categories, along with their respective subcategory activities, are explored below. Keeping with the spirit of NIST CSF, this article is intended to serve not as a list of draconian mandates but as a flexible guide that works in tandem with categories and subcategory activities that are organization specific. The idea is to produce the best possible fit for the organization.

Anomalies and events
NIST defines this category as follows: “anomalous activity is detected and the potential impact of events is understood.” This means that organizations and their security teams should be able to detect anomalous activity in a timely manner, because it may indicate dangerous activity.
The organization’s cybersecurity leadership needs to understand the potential impact of detected anomalous activity to get the most out of this function’s outcome categories and subcategory activities.

Subcategory activities
Security continuous monitoring
NIST defines this outcome category as follows: “the information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures.” This category calls for end-to-end monitoring of IT systems and assets to detect security issues and to measure the effectiveness of the safeguards deployed under the Protect function. Monitoring should cover physical environments, networks, service providers and user activity, and vulnerability scans should be performed on systems containing sensitive information.

Subcategory activities
Detection processes
NIST defines this outcome category as follows: “detection processes and procedures are maintained and tested to ensure awareness of anomalous events.” The organization must maintain all processes and procedures involved in detecting anomalous activity and protecting against potential cybersecurity events. This entails defining the roles and responsibilities involved in detection, ensuring that detection activities meet applicable compliance requirements, and continually improving them.

Subcategory activities
Conclusion
The Detect function is one of the most important of all NIST CSF core functions. It is where the organization defines its detection roles, responsibilities and processes, and where those are conscientiously implemented. Whereas the Identify and Protect functions were compared to the foundation and framing of a house, Detect has been compared to installing security and detection devices in that house, and there is no analogy more appropriate than that.