The NIST Cyber Security Framework (CSF) has 5 primary functions; Identify, Protect, Detect, Respond and Recover.
The identify function is an essential starting point for your security journey. Elements of the identify function include asset management, business environment, governance, risk assessment and finally risk management strategy.
Naturally, asset management is a vital category under the identify function and a typical starting point for most security leaders. If you don’t know something is there, you can’t possibly protect it. Visibility includes knowing your users, the applications they use and the devices on which they run them.
Asset management also involves you being aware of your network infrastructure, remote connections and interconnected suppliers and services. Visibility of all assets, physical and logical, ensures that we can consider the associated business risks.
Your business environment reflects your understanding of your business and how it operates. Looking at security in isolation is not effective, it must be in terms of your business operations.
Under the governance category heading we see the processes and policies of your organisation as well as general security operations being addressed.
Your risk management strategy is key to defining how you approach risk and how you handle the constantly evolving threat landscape. Risk assessment and assurance are addressed here with treatment plans, risk registers and a record of any impacts.
Supply chain management is partially addressed by asset management but also mainly under the governance and business environment categories of the NIST CSF.
To learn more and speak to our expert team, please complete the below and we’ll be in touch:
I have worked with IP-Performance for over 20 years and have always found them to be knowledgeable, helpful, prepared to go above and beyond and always right on the edge of modern technology and trends. So, when they suggested we might want to let them do an internal security audit, we jumped at the chance and the results were nothing short of jaw dropping… I would recommend anyone take a look at their portfolio, even if you think you have all your security bases covered… Trust me, you haven’t. I would recommend the portfolio, and anything that IP-P do to anyone across the industry. The breadth of what they cover is astounding.
