Navigating the NIST Cybersecurity Framework
As the security landscape evolves, matures, and becomes more complex, organizations need a trusted framework that they can readily adopt and integrate into their existing security ecosystem. With all the tools available on the market today to improve your company's cybersecurity, it's easier than ever to get started.
However, there is a caveat: these tools do not provide everything you need to develop a comprehensive strategy. Analysis paralysis is real. It is very difficult to know where to start when adopting a trusted cybersecurity framework that best suits the needs of your organization.
Huntress sales engineer Todd Painter and industry expert Wes Spencer came together in April 2022 to discuss DeNISTifying Cybersecurity (see what we did there?): leveraging NIST's proven cybersecurity framework to evolve your security stack. Below we cover some of the topics and information they addressed during the live webinar.
NIST’s cybersecurity framework
The National Institute of Standards and Technology (NIST) has developed a body of guidance known as the Framework for Improving Critical Infrastructure Cybersecurity, more commonly called the NIST Cybersecurity Framework (CSF). Following it helps ensure that your money is spent in the right areas to build an effective defense strategy.
The five pillars of NIST
NIST's cybersecurity framework is organized around five core functions, often called pillars: Identify, Protect, Detect, Respond, and Recover.
- Identify: Identifying your assets is the first step in adopting this framework, as it builds the foundation for everything else. After all, how can you protect your assets if you don't know what they are or where they live? People often think that the term "assets" refers only to devices, but it also covers your users, data, applications, and vendors. While building your asset inventory, you will also need to establish your governance, risk, and compliance (GRC) posture and assess your vulnerabilities and risks.
- Protect: Defending your assets against potential threats is perhaps the most critical aspect of cybersecurity. The key is to determine how much protection is needed to contain or limit the effects of a cybersecurity incident. You'll start by reviewing identity management, authentication, and access control, followed by awareness and training, data security, information protection processes and procedures, maintenance, and protective technology. While the focus here is primarily on technical controls, don't discount the importance of physical security!
- Detect: Detection is much more than just alerting on cyberattacks. Following the guidance of this pillar lets you detect cybersecurity events in a timely manner, such as newly installed software or applications, failed login attempts, and new devices or users. Its categories are Anomalies and Events, Security Continuous Monitoring, and Detection Processes; strong capabilities in all three are what let you see an incident as it starts rather than after the fact.
- Respond: This pillar addresses your ability to contain the impact of a cyberattack, with categories that include response planning, communications, analysis, mitigation, and improvements. Make sure your team can act on alerts from your detection tools and that each person knows their roles and responsibilities in the event of an incident. Reviewing every incident after the fact and incorporating the lessons learned is the final step of an ongoing incident response plan.
- Recover: The final pillar covers recovery planning, improvements, and communications. Your business needs will help you determine your data priorities, so that if an incident occurs you can start restoring the most important data immediately. Don't forget to test your backups and to rehearse in advance with tabletop exercises so you are prepared for a cyberattack!
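To make the Detect pillar concrete, here is an added example (not code from Huntress, NIST, or the webinar) that runs simple detection logic over constructed log lines for the event types named above: a burst of failed logins from one source, a user account that is not in the inventory built during the Identify step, a device that is not in that inventory, and a new software install. The log layout, the baseline sets, and the thresholds are all assumptions made for the example, not a real product's output or values mandated by the framework.

```python
"""Detection pass over constructed syslog-style events (added example, not page code)."""
from __future__ import annotations

import re
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Baseline produced by the Identify step (constructed for this example).
KNOWN_USERS = {"alice", "bob", "svc-backup"}
KNOWN_HOSTS = {"ws-01", "ws-02", "srv-db"}

# Detection thresholds: assumptions for the example, not NIST or CIS values.
FAIL_THRESHOLD = 5                   # this many failed logins from one source ...
FAIL_WINDOW = timedelta(minutes=2)   # ... inside this window raise one alert

# Constructed log lines in an assumed "<timestamp> <host> <event> key=value ..." layout.
SAMPLE_LOG = """\
2022-04-12T09:00:01 ws-01 auth_fail user=alice src=10.0.0.5
2022-04-12T09:00:03 ws-01 auth_fail user=alice src=10.0.0.5
2022-04-12T09:00:04 ws-01 auth_fail user=alice src=10.0.0.5
2022-04-12T09:00:06 ws-01 auth_fail user=alice src=10.0.0.5
2022-04-12T09:00:07 ws-01 auth_fail user=alice src=10.0.0.5
2022-04-12T09:00:09 ws-01 auth_ok user=alice src=10.0.0.5
2022-04-12T09:05:00 ws-02 auth_fail user=bob src=10.0.0.7
2022-04-12T09:30:00 ws-02 auth_fail user=bob src=10.0.0.7
2022-04-12T09:31:10 srv-db user_add user=mallory by=bob
2022-04-12T09:32:00 ws-99 auth_ok user=bob src=10.0.0.7
2022-04-12T09:40:00 ws-02 pkg_install pkg=anydesk user=bob
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<event>\S+)(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Event:
    ts: datetime
    host: str
    event: str
    fields: dict[str, str] = field(default_factory=dict)


def parse_log(text: str) -> list[Event]:
    """Parse the assumed layout; malformed lines are skipped instead of aborting the pass."""
    events: list[Event] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append(Event(ts=datetime.fromisoformat(m["ts"]), host=m["host"],
                            event=m["event"], fields=dict(KV_RE.findall(m["rest"]))))
    return events


def detect(events: list[Event], known_users=KNOWN_USERS, known_hosts=KNOWN_HOSTS) -> list[str]:
    """Return alert strings in time order; each rule maps to one event type from the Detect pillar."""
    alerts: list[str] = []
    fail_times: dict[str, deque] = defaultdict(deque)  # src -> timestamps of recent failures
    seen_unknown_hosts: set[str] = set()

    for ev in sorted(events, key=lambda e: e.ts):
        # Unknown device: alert the first time a host outside the inventory appears.
        if ev.host not in known_hosts and ev.host not in seen_unknown_hosts:
            seen_unknown_hosts.add(ev.host)
            alerts.append(f"{ev.ts.isoformat()} unknown host {ev.host} (not in asset inventory)")

        if ev.event == "auth_fail":
            src = ev.fields.get("src", "?")
            window = fail_times[src]
            window.append(ev.ts)
            while window and ev.ts - window[0] > FAIL_WINDOW:  # drop failures outside the window
                window.popleft()
            if len(window) >= FAIL_THRESHOLD:
                alerts.append(f"{ev.ts.isoformat()} {len(window)} failed logins from {src} "
                              f"within {FAIL_WINDOW}")
                window.clear()  # one alert per burst, not one per additional failure
        elif ev.event == "user_add":
            user = ev.fields.get("user", "?")
            if user not in known_users:
                alerts.append(f"{ev.ts.isoformat()} new user {user} created on {ev.host} "
                              f"by {ev.fields.get('by', '?')}")
        elif ev.event == "pkg_install":
            alerts.append(f"{ev.ts.isoformat()} software installed on {ev.host}: "
                          f"{ev.fields.get('pkg', '?')} by {ev.fields.get('user', '?')}")
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

Two design points worth noting: the failed-login rule uses a sliding window rather than a raw count, so two stray failures half an hour apart from the same source (bob from 10.0.0.7 above) do not fire, and the "unknown host" and "new user" rules are only as good as the inventory from the Identify step, which is why that pillar comes first.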
Do you want to delve deeper into NIST’s cybersecurity framework? We break it down even more on our blog Breaking down the NIST cybersecurity framework.
A total of 23 categories are spread across these five functions; they span cyber, physical, and personnel concerns and are focused on business outcomes. Those categories branch into 108 subcategories, which can be overwhelming to navigate. If you don't know where to start, don't worry: take a look at CIS Controls v8.
Complementing NIST with CIS Controls v8
Although the NIST cybersecurity framework was created by the U.S. federal government, it has quickly become an industry standard for cybersecurity best practices.
For this reason, the Center for Internet Security (CIS) built its own prioritized set of safeguards to help organizations put that framework into practice: the CIS Critical Security Controls v8 (or simply "CIS Controls"), which CIS maps directly to the NIST cybersecurity framework.
CIS Controls are complementary to the NIST cybersecurity framework, but they focus on an organization's specific needs and its current cybersecurity maturity to determine where that organization is on its cybersecurity journey.
Our favorite part of the CIS Controls is that they read like an instruction manual. They are broken down into three Implementation Groups (IGs) that are easier to digest, and each IG contains a set of controls to put in place to reach the next level of cybersecurity effectiveness. Even if you only cover IG1, you'll have defenses against the top five attack types: malware, ransomware, web application hacking, insider and privilege misuse, and targeted intrusions.
For more information on the NIST cybersecurity framework, see our complete online guide. And be sure to watch the full DeNISTifying Cybersecurity: Leveraging a Proven Framework to Evolve Your Stack webinar on demand!
Guest blog courtesy of Huntress. Read more Huntress guest blogs here. Regularly contributed guest blogs are part of the MSSP Alert sponsorship program.