Monday 10th May 2021

NIST Detect – video explainer

The NIST Cyber Security Framework (CSF) has 5 primary functions: Identify, Protect, Detect, Respond and Recover.

Once identified and protected, your assets need to be monitored to detect incursions against your defences. The detect function requires that you develop, maintain and implement the appropriate activities which identify the occurrence of a cyber security event in a timely manner.

Categories within this Function include:

  • Anomalies & Events: Your activities and systems will detect unusual activity as soon as possible; the impact of events is understood by the relevant people in your organisation
  • Security & Continuous Monitoring: You monitor your information system and business environment at appropriate specified intervals to identify cyber events in your organisation
  • Detection Processes: Procedures and processes for detection are implemented and tested to ensure timely visibility of cyber events

The detect function is a critical step in the NIST CSF cycle once solid identify and protect foundations are in place. Rapid detection of cyber security events enables you to mitigate their effects:

  • Anomalies & Events: Collect and analyse data from multiple points to detect an event
  • Security & Continuous Monitoring: Monitor your assets 24/7 or outsource
  • Detection Processes: Identify a breach as soon as possible and follow the applicable disclosure requirements; you should be able to detect inappropriate access to your system

Detecting a breach or cyber security event is essential. Give your organisation the best possible chance by fine-tuning your detection methods and testing them.

If you are not prepared to detect incursions against your systems, your efforts in the identify function, and certainly in the protect function, are significantly undermined. An organisation can survive a breach with the right preparation.

Any effort to define a solid respond and recover function within your organisation relies on detecting security events and mobilising your response team.


  • IP-Performance recently ran 2 virtual cyber breach response workshops for Elmbridge Borough Council and we cannot recommend them highly enough. As well as lots of practical resources & templates to take away, the second day culminates with a simulation which brings a cyberattack to life. It’s highly interactive, slightly stressful, but most importantly really makes you think! There’s a definite buzz around cyber at Elmbridge now thanks to Phil and team.

    Nikki Benge, ICT Business Manager,
    Elmbridge Borough Council