This cybersecurity framework presents a structured model that guides an organization on security best practices that it can implement concurrently to manage cybersecurity risks.
The framework includes the following functions:
Identify: Understand the organization’s context to better manage cybersecurity risks to systems, assets, data, and capabilities. This involves understanding the organization’s business context, the resources that support critical functions, and the related cybersecurity risks.
Understanding these elements will enable the organization to focus and prioritize its efforts, consistent with its risk management plan and strategic needs. Within this function, the organization is expected to implement the following processes, among others: Asset Management; Understand Business Environment; Governance; and Risk Management (Risk Assessment and Risk Treatment).
Protect: Develop and implement the appropriate controls to prevent service disruptions and ensure service availability.
This involves implementing controls that will proactively limit threats and/or contain the impact of a potential cybersecurity event. Processes in this function include, but are not limited to: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.
Detect: Implement appropriate processes and procedures to identify cybersecurity events as soon as they occur.
Continuous monitoring and detection processes are among the activities that an organization should implement within this function.
Respond: Establish the appropriate activities to take immediate action when a cybersecurity event is detected. This will enable the organization to contain the impact of a potential cybersecurity event.
This function involves the development of an Incident Response Plan, Mitigation Strategies and Communication Plans.
Recover: Establish plans to ensure that resilience is maintained, and critical functions and services are restored in a timely manner following a cybersecurity incident.
This function involves Recovery Planning, actions to ensure improvements, and Communications.