NIST


The NIST framework contains five categories of “core” functions that are necessary for achieving cyber security: Identify, Protect, Detect, Respond and Recover.


For more information see http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf


Identify

Including Governance, Risk Assessment and Risk Management  
Develop the organisational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.

The activities in the Identify function are the foundation for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organisation to focus and prioritise its efforts, consistent with its risk management strategy and business needs.

Examples of outcome Categories within this Function include:

  • Asset Management
  • Business Environment
  • Governance
  • Risk Assessment
  • Risk Management Strategy

> Centralise trust policy for endpoints

> Assign trust and threat ratings for all software in your environment

> Apply risk ranking to your file inventory


> Enterprises can set up trusted software rules and proactively enforce policies.

 

> Block the execution of any software that is not pre-approved to run.
 


Protect


Including Asset Control, Data Security, Protective Technology

Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.

The Protect function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include:


  • Access Control
  • Awareness and Training
  • Data Security
  • Information Protection Processes and Procedures
  • Maintenance
  • Protective Technology

> Protect endpoints and servers by enforcing the trust policy across every endpoint.




Detect

Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.

The Detect function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include:

  • Anomalies and Events
  • Security Continuous Monitoring
  • Detection Processes

> Detect advanced threats in real time without signatures.

> Provide visibility into what’s running on every endpoint and server.

> Monitor and detect anomalies as they happen, in real time, to ensure the desired endpoint configuration is kept in check.

> Enforce the enterprise trust policy on all endpoints and reduce scope by controlling and blocking unauthorised change.

> Provide logging and unauthorised access tracking





Respond


Including Response Planning, Analysis, Mitigation

Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.

The Respond Function supports the ability to contain the impact of a potential cybersecurity event.

Examples of outcome Categories within this Function include:

  • Response Planning
  • Communications
  • Analysis
  • Mitigation
  • Improvements

> Provide cyber forensics information so you can quickly prioritise and triage alerts.

> Analyse and remediate incidents and any compelling security event.

> Full history of all executed processes on every endpoint and server.




Recover

Including Recovery Planning, Communications

Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity event. Examples of outcome Categories within this Function include:



  • Recovery Planning
  • Improvements
  • Communications

Comply with NIST SP 800-53 mandates by maximising the security of the IT infrastructure, with solutions for:

  • Access control
  • Audit
  • Accountability
  • Identification
  • Authentication

> Automatically locating privileged accounts and password change management

Locate privileged accounts throughout the enterprise, change each account’s password to a unique value, and deploy the password changes wherever they may reside within the data center.
 




> Guard against the threat of unauthorised users and malicious programs compromising a shared or default privileged password and gaining anonymous access to sensitive data on the network.

Protect an agency’s or organisation’s most crucial data by fully auditing administrative access to systems and applications in the IT infrastructure.

Provide the accountability of showing precisely who had access to sensitive data, at what time and for what stated purpose.

This information can be provided to security auditors to verify compliance with FISMA and other major regulatory mandates.




> Shut down out-of-scope processes as soon as they are detected.

> Understand and report on incidents and provide complete awareness to all the stakeholders of the IT security policy.





