WK 2 NIST's frameworks Flashcards
The NIST Cybersecurity Framework (CSF)
The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
This framework is widely respected and essential for maintaining security regardless of the organization you work for.
The CSF consists of five important core functions…
- Identify
The first core function is identify, which is related to the management of cybersecurity risk and its effect on an organization’s people and assets. For example, as a security analyst, you may be asked to monitor systems and devices in your organization’s internal network to identify potential security issues.
Imagine that one morning you receive a high-risk notification that a workstation has been compromised. You identify the workstation, and discover that there’s an unknown device plugged into it.
The CSF consists of five important core functions…
- Protect
The second core function is protect, which is the strategy used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats. For example, as a security analyst, you and your team might encounter new and unfamiliar threats and attacks. For this reason, studying historical data and making improvements to policies and procedures is essential.
You identify the workstation, and discover that there’s an unknown device plugged into it. You block the unknown device remotely to stop any potential threat and protect the organization.
The CSF consists of five important core functions…
- Detect
The third core function is detect, which means identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections. For example, as an analyst, you might be asked to review a new security tool’s setup to make sure it’s flagging low, medium, or high risk, and then alerting the security team about any potential threats or incidents.
Then you remove the infected workstation to prevent the spread of the damage and use tools to detect any additional threat actor behavior and identify the unknown device.
The CSF consists of five important core functions…
- Respond
The fourth core function is respond, which means making sure that the proper procedures are used to contain, neutralize, and analyze security incidents, and to implement improvements to the security process. As an analyst, you could be working with a team to collect and organize data to document an incident and suggest improvements to processes to prevent the incident from happening again.
You respond by investigating the incident to determine who used the unknown device, how the threat occurred, what was affected, and where the attack originated.
The CSF consists of five important core functions…
- Recover
The fifth core function is recover, which is the process of returning affected systems back to normal operation. For example, as an entry-level security analyst, you might work with your security team to restore systems, data, and assets, such as financial or legal files, that have been affected by an incident like a breach.
In this case, you discover that an employee was charging their infected phone using a USB port on their work laptop. Finally, you do your best to recover any files or data that were affected and correct any damage the threat caused to the workstation itself.