The Framework Functions: Identify
ecosystem for business. The identify, protect, detect, respond and recover elements ensure
each business or federal agency not only anticipates and prevents security risks, but also has a
system in place for managing threats and responding in urgent situations.
Identify
The step that jumpstarts cybersecurity practice, identify, assists businesses in developing an
organizational understanding of how to manage cybersecurity risks and how they apply to
systems, people, assets, data and capabilities.
Understanding the context of how security affects business enables an organization to focus
and prioritize its efforts, consistent with its risk management strategy and business objectives.
Identifying physical and software assets within the organization to establish an asset
management program
Identifying the business environment the organization supports, including the
organization’s role in the supply chain and the organization’s place within the critical
infrastructure sector
Identifying existing cybersecurity policies within the organization to define a
governance program and identifying legal and regulatory requirements regarding the
cybersecurity capabilities of the organization
Identifying asset vulnerabilities, threats to internal and external organizational
resources and risk response activities as a basis for the organization’s risk assessment
Identifying a risk management strategy for the organization including establishing risk
tolerances
Identifying a supply chain risk management strategy including priorities, constraints,
risk tolerances and assumptions used to support risk decisions associated with
managing supply chain risks
Protect
The second function, protect, outlines the appropriate safeguards required to deliver critical
infrastructure services. This function supports a business’s ability to limit or contain a
potential cybersecurity event.
Protections for identity management and access control within the organization for
both physical and remote access
Empowering staff within the organization through awareness and training, including
role-based and privileged user training
Establishing data security protection consistent with the organization’s risk strategy to
protect the confidentiality, integrity and availability of information
Implementing information protection procedures to maintain and manage information
systems and assets
Protecting organization resources through maintenance
Managing protective technology to ensure the security and resilience of systems and
assets are consistent with organizational policies, procedures and agreements
Detect
The detect function defines activities to identify the occurrence of a cybersecurity event and
enables timely discovery of such events.
Ensuring anomalies and events are detected and their potential impact is understood
Implementing security continuous monitoring capabilities to track cybersecurity
events and verify the effectiveness of protective measures
Maintaining detection processes to provide awareness of potential threats
Respond
The respond function establishes the appropriate actions regarding a detected cybersecurity
incident and supports a business’s ability to contain its impact.
Ensuring response planning processes are executed during and after an incident
Managing communications during and after an event with stakeholders, law
enforcement and external stakeholders as appropriate
Analysis is conducted to ensure effective event response and to support recovery
activities including forensic analysis and determining the impact of incidents
Mitigation activities are performed to prevent expansion of an event and to resolve the
incident
The organization implements improvements by incorporating lessons learned from
current and previous detection/response activities
Recover
Lastly, the recover component helps identify the appropriate actions required to maintain
plans for security resilience and to restore any capabilities that may have been impaired due
to a cybersecurity event. This final function supports timely recovery to normal operations
and ensures a reduced impact from potential events.
While many organizations focus on the tools and processes required to monitor and reduce
risks, a truly effective cybersecurity program is only as good as the culture of awareness
instilled throughout the organization.
To learn more about NIST’s framework for managing cybersecurity risks, view our
infographic underlining the importance of personal accountability in the workplace.