NIST Protect – video explainer
The NIST Cyber Security Framework (CSF) has 5 primary functions; Identify, Protect, Detect, Respond and Recover.
In the protect function we have the following categories: access control, awareness and training, data security, information protection processes and procedures, maintenance and protective technology.
The second function within NISTās CSF requires security focus on them being able to ādevelop and implement the appropriate safeguards to ensure delivery of critical infrastructure servicesā, with the aim of reducing the impact of a cyber security event through best practice and solid data protection policies and process.
The protect function also encompasses the deployment and management of traditional security technology such as anti-virus, firewalls and other network security appliances.
Access control is the category which, by limiting and controlling access to critical systems which are likely to be hosting or providing access to critical data, is called upon to prevent unauthorised access to your data.
Security awareness campaigns and staff training are a critical element of the protect function, tying together the operational enactment of your policies and procedures.
Data security features at the protect stage including activities such as classification, labelling and encryption. Within this category, security stakeholders work to consistently manage data in a way that aligns with the businessās risk strategy and support the confidentiality and integrity of information while also ensuring its availability.
The information protection processes and procedures category involves maintaining and leveraging security policies, processes and procedures to adequately protect critical data and the systems that support it. These policies would have been initially created under the governance category of the identify function. Building upon the activities during that function, this category also calls for the creation and management of plans for incident response, business continuity, incident recovery and disaster recovery, as well as testing for the response and recovery plans in particular. We will see the operational output of this in the respond and recover functions.
The maintenance category defines the āever-so criticalā patching and system fix strategy and operations.
Protective technology is the category which focuses on the technical security solutions, specifically how the technology is documented, how it is implemented and how we audit and log activity, something that is vital for the next function of the NIST CSF ā Detect.
To learn more and speak to our expert team, please complete the below and weāll be in touch:
-
I have worked with IP-Performance for over 20 years and have always found them to be knowledgeable, helpful, prepared to go above and beyond and always right on the edge of modern technology and trends. So, when they suggested we might want to look at Pentera, we jumped at the chance and the results were nothing short of jaw droppingā¦ I would recommend anyone take a look at that product, even if you think you have all your security bases coveredā¦ Trust me, you havenāt. I would recommend the product, and anything that IP-P do to anyone across the industry. The breadth of what they cover is astounding.
David Brazewell, Technical Director,
QubeGB Ltd.
