The NIST Cyber Security Framework (CSF) has 5 primary functions; Identify, Protect, Detect, Respond and Recover.
The identify function is an essential starting point for your security journey. Elements of the identify function include asset management, business environment, governance, risk assessment and finally risk management strategy.
Naturally, asset management is a vital category under the identify function and a typical starting point for most security leaders. If you don’t know something is there, you can’t possibly protect it. Visibility includes knowing your users, the applications they use and the devices on which they run them.
Asset management also involves you being aware of your network infrastructure, remote connections and interconnected suppliers and services. Visibility of all assets, physical and logical, ensures that we can consider the associated business risks.
Your business environment reflects your understanding of your business and how it operates. Looking at security in isolation is not effective, it must be in terms of your business operations.
Under the governance category heading we see the processes and policies of your organisation as well as general security operations being addressed.
Your risk management strategy is key to defining how you approach risk and how you handle the constantly evolving threat landscape. Risk assessment and assurance are addressed here with treatment plans, risk registers and a record of any impacts.
Supply chain management is partially addressed by asset management but also mainly under the governance and business environment categories of the NIST CSF.
To learn more and speak to our expert team, please complete the below and we’ll be in touch:
I just wanted to take a moment to personally thank IP Performance for all your help and guidance during our recent upgrade project. Upgrading all three of our production clusters was a huge undertaking, especially with the amount of traffic they serve and thousands of services they deliver. Achieving this with zero downtime was no small feat and your expertise and quick responses were absolutely crucial in making it happen. It really felt like you were part of our team throughout this process and were more than just providing support but indeed kind of taking ownership of all the challenges and issues we had during this migration which we couldn’t have done as smoothly without your support.
