The Five Main Cyber Security Activity Categories - IDPRR

When dealing with the cyber security of your organization, you have to evaluate your legal environment. Are there regulations in place that can help maintain a safe and secure work environment? Is there a set policy framework for computer security guidance that will help you assess your cyber security readiness?

In 2014, version 1.0 of the NIST Cybersecurity Framework (NIST CSF) was published by the US National Institute of Standards and Technology. NIST CSF helps organizations become more proactive about risk management, especially with the continued popularity of internet usage. According to the survey "Trends in Security Framework Adoption", 70% of organizations view NIST's framework as a security best practice. But what exactly does it entail?

The NIST CSF organizes material into five "functions", which are divided into 22 "categories". Each category defines a number of subcategories of outcomes and security controls, 98 in total. Below we've listed the five functions of the NIST CSF and their categories.

Identify

"Develop the organizational understanding to manage cyber security risk to systems, assets, data, and capabilities."

  • Asset Management (ID.AM)
  • Business Environment (ID.BE)
  • Governance (ID.GV)
  • Risk Assessment (ID.RA)
  • Risk Management Strategy (ID.RM)

Protect

"Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services."

  • Access Control (PR.AC)
  • Awareness and Training (PR.AT)
  • Data Security (PR.DS)
  • Information Protection Processes and Procedures (PR.IP)
  • Maintenance (PR.MA)
  • Protective Technology (PR.PT)

Detect

"Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event."

  • Anomalies and Events (DE.AE)
  • Security Continuous Monitoring (DE.CM)
  • Detection Processes (DE.DP)

Respond

"Develop and implement the appropriate activities to take action regarding a detected cyber security event."

  • Response Planning (RS.RP)
  • Communications (RS.CO)
  • Analysis (RS.AN)
  • Mitigation (RS.MI)
  • Improvements (RS.IM)

Recover

"Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event."

  • Recovery Planning (RC.RP)
  • Improvements (RC.IM)
  • Communications (RC.CO)