In this blog, we'll be disucssing the second-to-last framework function of the NIST Cybersecurity Framework: Respond. In the last three articles, we discussed the first three framework functions: Identify, Protect, and Detect in our Breaking Down the NIST Cybersecurity Framework series.
NIST defines respond as "Develop and implement appropriate activities to take action regarding a detected cybersecurity incident".
"The Respond Function supports the ability to contain the impact of a potential cybersecurity incident. Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements".
Here are the parts to the respond function and their importance:
- Response Planning: Response processes and procedures are executed and maintained, to ensure timely response to detected cybersecurity events.
- Analysis: Analysis is conducted to ensure adequate response and support recovery activities.
- Mitigation: Activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident.
- Communications: Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies.
- Improvements: Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities.
When breaches occur in companies, an incident response plan is critical to manage the immediate aftermath. Surprisingly, lots of organizations don't have an incident response plan, or just havent tested the plan that they have in place.
- Your Response Plan: Make sure that you're reporting breaches if they occur.
- Mitigate: Make sure you have a plan to mitigte any event that could occur, in house and with third parties.
- Analyze: Go over your plan with experts inside and outside of your team.