<img src="https://ws.zoominfo.com/pixel/4CagHYMZMRWAjWFEK36G" width="1" height="1" style="display: none;">
Request Demo

NIST Cybersecurity Framework

Breaking Down the NIST Cybersecurity Framework: Protect

down-arrow

As noted in the last blog post, we will be diving into the five functions that make up the NIST Cybersecuirty Framework Core, why they are important, and what they mean for your organization. Together, identify, protect, detect, respond, and recover give a strategic view of the lifecycle of an organization's management of cyber risk, at an easily digestible high-level.

[Webinar with Cybersecurity Influencers: The Benefits of Frameworks and Standards HERE]

This post focuses on the protect function, the second function of the framework.

NIST sais that the framework functions "aid an organization in expressing its management of cybersecurity risk by organizing information, enabling risk management decisions, addressing threats, and improving by learning from previous activities". 

The protect function is important because its purpose is to "develop and implement appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Identity Management and Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology" according to NIST

Protect covers these categories:

  • Access Control: validating identities and access to different systems, facilities, etc.
  • Awareness and Training: Giving employees and others the ability to be part of your cyber plan with education and training.
  • Data Security: Manage your data according to company standards in order to mitigate cybersecurity risks, and protect its Availability, Integrity and Confidentiality proactively.
  • Information Protection Processes & Procedures: Put in place the policies, processes, and procedures that you need to manage protection of your assets.
  • Maintenance: Continuously repair your Information System components and mitigate them
  • Protective Technology: Deploy the security solutions needed to protect them in line with company policies

Some examples of ways to attain these requirements are:

  • Preventing a data breaches by using 2FA, MFA, and controlling access to all of your environments and data.
  • Make sure your people are properly trained on how to handle your company's critial data and their various levels of access. Prevent accidents as much as possible.
  • Make sure your data is encrypted, in motion, and protected in all ways possible

Organizations must to evolve as breaches are becoming all the more common. By focusing on the protect function, you can put in place the policies and procedures to lay a strong foundation for your cybersecurity program as it matures in all five functions.

Access our free NIST Cybersecurity Framework on-demand webinar as a resource, which details a quick and powerful approach to begin implementing the framework. CyberSaint's NIST Cybersecurity Framework Guide is available here.

Learn How CyberStrong Streamlines the NIST Cybersecurity Framework Adoption

 

You may also like

NIST vs. ISO –What You Need To Know
on June 24, 2022

Organizations are increasingly on the lookout for ways to strengthen their cybersecurity capabilities. Many have found solace in compliance frameworks that help guide and improve ...

Top 5 Recommendations For Your ...
on June 22, 2022

Discover, design, validate, promote, and sustain best practice cyber protection solutions to safeguard your people and processes. As the cyber attack surface expands, the Center ...

June Product Update
on June 21, 2022

It’s a celebration! 🎵♪🎵♪ ♩Automate your scores, come on (Let’s automate) Automate your scores, come on (Let’s automate) There’s a party goin’ on right here An automation to last ...

Why You Need CIS Controls for ...
on June 17, 2022

The Center for Internet Security (CIS) is a non-profit organization that helps public sectors and private sectors improve their cybersecurity. The organization aims to help small, ...

Small Business Cybersecurity ...
on June 15, 2022

To achieve peace of mind in the modern threat landscape, small business owners must have a solid security strategy and budget in place. VIPRE’s SMB Security Trends report state ...

Do Small Businesses and Startups ...
on June 10, 2022

Did you know that about 60% of small businesses shut down within 6 months by falling victim to a data breach or cyber-attack, where the average global breach cost hovers at $3.62 ...