NIST framework crash course
You keep hearing NIST in job descriptions…but what is it anyway? Here is a quick tour that doesn't take a lot of reading.
NIST stands for the National Institute of Standards and Technology.
The NIST Cybersecurity Framework provides a set of guidelines, best practices, and standards to help organizations manage and improve their cybersecurity risk management processes. It is widely trusted and used around the world by companies and government organizations. It gives a standard guideline for complying with rules and policies, and helps protect privacy for both consumers and providers.

Identify
Identifying the components we already have and what needs protecting.
- Equipment
- Software
- Data
- Policies & plans, etc.
Protect
Controlling the safety level of our systems and data.
- Employee training
- Login access
- Endpoint protection
- Backups & updates
- Patching, etc.
Detect
Getting alerts when something goes wrong and being prepared for further steps like investigation and reporting.
- Logging and monitoring unusual activities.
- Unknown users
- Unauthorized logins and devices, etc.
Respond
Having a plan in place to put out an unexpected fire that threatens the safety of data and systems.
- Reporting to proper stakeholders like authorities and users.
- Trying to keep ops running instead of shutting everything down.
- Proper investigation.
- Containing the attack.
Recover
- Repair and restore the affected systems.
- Control reputation damage.
- Learning from the incident and further training of employees to avoid a repeat.