Cyberattacks are increasingly common. Most professional and non-professional sites have already been subject to attacks and have undoubtedly paid the price. To deal with this, the National Institute of Standards and Technology (NIST) has developed 5 functions. Each organization must use these 5 functions, seen as pillars, to establish its cybersecurity roadmap. What are these functions, and why are they so important?
Cybersecurity: start by identifying!
Identification is about understanding systems, people, assets and data. This information will help your IT professionals properly manage cybersecurity risk. To do this, you must have at your disposal a documented list of approved people, accounts, hardware devices and software. Only then can you develop an adequate cybersecurity protection plan.
Cybersecurity: then, protect!
This function includes tasks such as:
- the use of appropriate access control procedures,
- setting up a “human firewall” with staff awareness training,
- configuration of network firewalls,
- the application of patches to each piece of software and each operating system used,
- ensuring your endpoint protection is best in class.
Next point: detect!
In the event that your organization’s perimeter protections have been breached, you must develop a strong “defense in depth” strategy. This requires having systems in place that can detect bad actors in your environment. To spot malicious activity, you can use automated systems that leverage artificial intelligence (AI),
Cybersecurity: respond to an attack!
To respond to a cyberattack, you must deploy systems and processes that enable action against an attack. This includes:
- isolation from danger,
- communication management,
- analysis,
- mitigation activities.
These activities are often handled by an incident response (IR) service provider, which can handle the analysis, containment, eradication and recovery of a cybersecurity incident.
Last point: recovery
Recovery is the last of the NIST functions. This function includes, among other things:
- bringing things back online that were affected by the attacks,
- recovery of systems and data from backup copies,
- informing staff, customers and members.