
By: Tyler Thepsiri on December 13, 2022


5 Essential NIST-Related Cybersecurity Functions You Need To Address


When it comes to cybersecurity, the most important thing you can do is stay vigilant. This requires ongoing attention to the details of your IT environment. 

Many business leaders get overwhelmed by cybersecurity. I’m writing this article to break cybersecurity down into five clearly defined and manageable functions.

I’ve been working in IT for more than 8 years. In my current role at Kelser as manager, engineering services, I follow cybersecurity trends every day.

In this article, we’ll explore five basic cybersecurity functions that every organization needs to address, no matter the size of the business.

After reading this article, you will have a concrete understanding of these five functions and be prepared to put your knowledge into action.

What 5 Essential Cybersecurity Functions Need To Be Addressed? 

I don’t claim that these five key cybersecurity functions are an original idea. In fact, they come from the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). They represent one way to look at the individual controls put forth by the Center for Internet Security (CIS).

The 5 functions are a good place to start for any cybersecurity plan (and to measure against regularly). They are: 

1. Identify

You can’t protect what you don’t know you have.

You must be able to identify:

    • your assets (hardware and software)
    • your users (and their accounts)
    • your suppliers
    • your data (and how critical it is or isn’t)
    • your business risks

Without knowing what assets you have, you can’t protect them appropriately.

Without a full understanding of your users, you can’t look for unauthorized access.

Without knowing your suppliers, you can’t provide the appropriate access they need to do their jobs. 

Without understanding your data and how sensitive it is, you may not have the right protections in place and you may be subject to contractual or regulatory penalties. 

But all of those things stem from a complete understanding of the risks your business faces and the knowledge that threats and risks are constantly evolving.

I say it all the time, but it bears repeating: Cybersecurity is not a “set it and forget it” exercise. It requires ongoing vigilance and an understanding of what you need to protect to keep your organization safe.

The best cybersecurity protections take into account what needs protecting and evolve over time to reflect (and thwart) newly evolving threats. 

2. Protect

Once you understand your assets, you are ready to put the proper protections in place. Protections must be effective at keeping your systems and data from being negatively impacted without hindering the ability of users to perform daily tasks.




These protections could be physical protections which may include locks, armed security (depending on the risk and sensitivity of data), and badge-only access areas. 

There are also digital protections including firewalls, anti-malware software, email spam/malware protections, secure configurations of servers and workstations, patch updates/management, and vulnerability scanning.




In most cases, a combination of physical and digital protections offers the most comprehensive solution. 

And, don’t overlook the importance of employee security training. It is one of the most cost-effective deterrents.




3. Detect

If you aren’t monitoring your infrastructure, how can you detect unusual events that could indicate security incidents in your environment? The truth is, you can’t.

Several tools can be used to detect potential security incidents.

One of the tools that can be used to detect potential incidents is a security information and event management (SIEM) solution. SIEM solutions provide centralized monitoring and analysis capability and specialized services that can correlate events from different kinds of data sources. 

They can also generate reports that track contractual compliance metrics, and they can even be used for large-scale Security Operations Centers.

Security audit log management and monitoring can also help detect questionable activities.  
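To make the idea of correlating events from different data sources concrete, here is an added example (not from the original article and not any SIEM product's code). The log format, action names, and thresholds are constructed assumptions; the rule alerts when a user logs in to the VPN after repeated failures and then reads many files on a file server shortly afterward.

```python
from datetime import datetime, timedelta

# Constructed sample lines from two different sources (not real logs).
VPN_LOG = """\
2022-12-13T09:00:05Z vpn login_failed user=jsmith src=203.0.113.50
2022-12-13T09:00:20Z vpn login_failed user=jsmith src=203.0.113.50
2022-12-13T09:00:41Z vpn login_failed user=jsmith src=203.0.113.50
2022-12-13T09:01:10Z vpn login_ok user=jsmith src=203.0.113.50
2022-12-13T09:05:00Z vpn login_ok user=alee src=198.51.100.7
"""
FILE_SERVER_LOG = """\
2022-12-13T09:03:30Z fileserver bulk_read user=jsmith files=412
2022-12-13T09:06:00Z fileserver bulk_read user=alee files=3
"""

def parse(text):
    """Normalize 'timestamp source action key=value ...' lines into dicts."""
    events = []
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        ts, source, action, *pairs = line.split()
        event = dict(p.split("=", 1) for p in pairs)
        event.update(ts=datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                     source=source, action=action)
        events.append(event)
    return events

def correlate(events, min_failures=3, window=timedelta(minutes=10), min_files=100):
    """Alert on: failed-login burst -> successful login -> large file read."""
    failures, suspect, alerts = {}, {}, []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        user = e["user"]
        if e["action"] == "login_failed":
            failures.setdefault(user, []).append(e["ts"])
        elif e["action"] == "login_ok":
            recent = [t for t in failures.get(user, []) if e["ts"] - t <= window]
            if len(recent) >= min_failures:
                suspect[user] = e["ts"]  # login that followed a failure burst
        elif e["action"] == "bulk_read" and user in suspect:
            if e["ts"] - suspect[user] <= window and int(e["files"]) >= min_files:
                alerts.append((user, e["ts"].isoformat(), int(e["files"])))
    return alerts

def run_demo():
    # Merge both sources into one timeline, as centralized monitoring would.
    return correlate(parse(VPN_LOG) + parse(FILE_SERVER_LOG))

if __name__ == "__main__":
    print(run_demo())
```

Neither log raises the alert on its own: the VPN log shows only a user who eventually typed the right password, and the file server log shows only a large read by a valid account.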

4. Respond

How will you respond when an event (or potential event) happens? (Notice I say “when,” not “if.”)

Do you have a business continuity and disaster recovery plan? Is it in writing? Are all of your key stakeholders aware that it exists? Has it been vetted? Do you know that it will work? What will trigger the implementation of this plan?

Does your plan include an alternate business location? Does it include communications with appropriate third parties like legal counsel, insurance providers, law enforcement, employees, and customers?

5. Recover

One of the most important factors in your ability to recover from a cyber incident is the preparation you do ahead of time. Specifically, I’m talking about backing up your data. 

Do you perform and test backups of your data? How confident are you that you can recover from an incident (whether security-relevant or a natural disaster) that may affect data integrity or availability?

Do you have regular data backups scheduled? Have you conducted a dry run to ensure that all of the information you think is being backed up is, in fact, being backed up? Is the information easily accessible? Do multiple people know how to access it? 

If a natural disaster occurs in your part of the country, is there a backup stored in another geographic region that you can easily access? 
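The dry run described above can be partly automated. The following added example (not from the original article) compares a test restore against the data it should contain and reports files that are missing or damaged. The directory layout and file contents are constructed, and it assumes the live data has not changed since the backup was taken.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def verify_restore(source_dir, restored_dir):
    """Compare a test restore against the live data it is supposed to hold."""
    src, dst = manifest(source_dir), manifest(restored_dir)
    common = src.keys() & dst.keys()
    return {
        "missing": sorted(set(src) - set(dst)),              # never backed up
        "corrupt": sorted(f for f in common if src[f] != dst[f]),
        "ok": sorted(f for f in common if src[f] == dst[f]),
    }

def run_demo():
    """Build a constructed data set and a flawed restore of it, then verify."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "live"), Path(tmp, "restored")
        for d in (src / "finance", dst / "finance"):
            d.mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (src / "contracts.txt").write_text("supplier terms\n")
        (src / "hr.txt").write_text("employee list\n")
        # The restore has one intact file, one truncated file, one file absent.
        (dst / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (dst / "contracts.txt").write_text("supplier ter")
        return verify_restore(src, dst)

if __name__ == "__main__":
    for status, files in run_demo().items():
        print(status, files)
```

If the live data changes between backup and test, record the manifest at backup time and compare the restore against that saved manifest instead.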

How Can You Address These Five Essential Cybersecurity Functions?

Now that you’ve read this article, you know the five cybersecurity functions you need to address: identify, protect, detect, respond, and recover. You understand the importance of each function and the steps you can take to implement them. 

Depending on your current state of cyber readiness and the size and skills of your internal IT staff, you may be able to implement everything you need internally to fortify your organization.

Or, you may want to partner with an external IT support services team that has the depth and breadth of expertise to support your preparation. 

At Kelser, we offer a full complement of managed IT support services, including cybersecurity support. But we know that managed IT isn’t the right solution for every organization.

Rather than try to convince you to work with us, we’d rather provide honest information that business leaders like you can use to find the right IT solution for your organization. It doesn’t do either of us any good to work together if we aren’t the right fit. 

Instead, if you are looking for IT support, we encourage you to check out several providers to find the best fit for you.

In fact, we take this advice so seriously that we’ve even done some of the legwork for you. Read this article for an unbiased comparison of Kelser and IT Direct, one of our competitors, or visit our learning center for other comparison articles.

Interested in putting together a cybersecurity policy? Read this article to learn 7 characteristics of successful cybersecurity policies.

About Tyler Thepsiri

With more than 10 years in the IT industry, Tyler is able to adapt quickly to almost any technological issue. He understands how systems should work, and specializes in security and compliance.
