Request Demo

NIST Cybersecurity Framework

Breaking Down the NIST Cybersecurity Framework: Detect

down-arrow

In the past two blog posts, we've been diving into the framework functions. So far, we've covered Identify and Protect. Now, we move onto the third function of the framwork core: Detect.

[Webinar with Cybersecurity Influencers: The Benefits of Frameworks and Standards HERE]

NIST defines the framework core as "a set of cybersecurity activities , desired outcomes, and applicable references that are common across critical infrastructure sectors . The Core presents industry standards , guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implem entation/operations level".

The detect function requires that you develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.

"The detect function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include : Anomalies and Events; Security Continuous Monitoring; and Detection Processes".

  • Anomalies & Events: Your program will detect unusual activity as soon as possinle, and the impact of events is understood by everyone on your team and beyond.
  • Security & Continuous Monitoring: You're monitoring your information system and environments at specified intervals to identify cyber events in your organization.
  • Detection Processes: Procedures and processes for detection are put in place and tested in order to ensure timely and broad awareness of cyber events.

The detect function is a critical step to a robust cyber program - the faster you can detect a cybersecurity event, the faster you can mitigate the effects of it. Examples of how to accomplish steps towards a thorough detect function is as follows:

  • Anomalies & Events: Prepare your team to have the knowledge to collect and analyze data from multiple points to detect an event.
  • Security & Continuous Monitoring: Make your team able to monitor your assets 27/7 or consider involving a MSS to supplement.
  • Detection Processes: Attempt to know about a breach as soon as possible and follow disclosure requirements as needed. Your program should be able to detect inappropriate access to your data as soon as possible.

Clearly, the detect function is one of the most important, as detecting a breach or event can be life or death for your business. There is no doubt that following these best practices and implementing these solutions will help you scale your program and mitigate cybersecurity risk. In our next blog post, we will explore the respond function.

Learn How CyberStrong Streamlines the NIST Cybersecurity Framework Adoption

    

You may also like

The Key To Turning Your Security ...
on December 11, 2018

It is often said, “if you don’t want something noticed, don’t talk about it”. This is true of a bad GPA, a stain on a carpet, or a project you might have missed a deadline for. ...

Solving The Cybersecurity Skills ...
on December 6, 2018

It is no shock to those in the cyber community that cybersecurity has become a board-level issue for many enterprises. A PwC survey showed a 20% increase in CEO’s concern over ...

The Next Wave Of Innovation For ...
on December 5, 2018

   The internet of things (IoT) is a force transforming the modern enterprise. Anything from robotics in warehouses to smart manufacturing to data center monitoring, the ...

The Corporate Compliance and ...
on December 4, 2018

Corporate compliance and oversight (CCO) is one of the main pillars to a strong integrated risk management (IRM) program and solution. Today, compliance leaders are faced with a ...

Securing the AI powered enterprise
on December 5, 2018

Machine learning and artificial intelligence (AI) has become the competitive differentiator of our time. By 2020, Gartner predicts that almost all new products to enter the market ...

4 Compliance And Risk Reports ...
on November 28, 2018

By 2020, 100% of large enterprises will be asked to report to their board of directors on cybersecurity and technology risk at least annually, which is an increase from today's ...

Alison Furneaux