NIST framework: 5 pillars for your cyber security strategy

by Vinaya Sheshadri

Cyber security strategies differ across countries, organisations and sometimes even departments within the same business. This causes a lack of standardisation, a lack of adequate security knowledge, and ultimately poorly constructed cyber security infrastructure.

The NIST framework was established to fix these issues. As cyberattacks become more sophisticated and widespread, the NIST framework was designed to provide a structure to help companies strengthen their cyber defences.

It brings your departments, policies, procedures and data together to ensure you have a unified defence mechanism protecting your business assets. In this blog we’ll outline the NIST framework and the steps you need to take to implement it.

What is a NIST framework?

The NIST framework is a set of guidelines for creating a cybersecurity strategy. Established by National Institute of Standards and Technology under the United States Commerce Department, the framework helps businesses follow best practices to improve their cyber strength.

What are the 5 elements of the NIST cybersecurity framework? 

The NIST framework has five individual functions. Each represents a set of activities and objectives that need to be achieved. Together, these functions are essential for businesses to build a holistic and comprehensive cybersecurity strategy.

The 5 pillars of the NIST framework consist of:

  1. Identify: Identify types of threats and all assets potentially at risk.
  2. Protect: Analyse how to best safeguard all identified assets.
  3. Detect: Define how threats against assets will be detected.
  4. Respond: Outline key measures to respond to detected threats.
  5. Recover: Define how to fix impacted infrastructure and maintain security.

How do you use a NIST framework?

The NIST model can be used as a framework for the implementation of any cyber security strategy. It helps to structure activity, providing a step-by-step guide to follow for deployment.

NIST can also be used by any organisation. From enterprise-level organisations to small businesses, it will ultimately serve to make your cyber security process much easier and more effective. Most cyber security professionals, such as RiverSafe, commonly utilise NIST procedures to create more tailored and effective strategies.

Here are the steps involved in each stage of the NIST framework:

IDENTIFY

This should be the initial section in any cyber security process. Before you can decide on what tools or procedures you need, businesses first need to identify what needs protected.

This stage can be completed through workshops where members identify and define company assets that need protected. Once all critical assets have been listed, scenarios and use cases need to be determined for each one. This helps understand the related risks to people, assets and the business and inform the rest of the framework.

PROTECT

Protect is closely linked to the Identify stage. Based on your defined use cases and assets, protect determines what actions, measures or tools should be used to safeguard assets. The aim of the established measures should be to mitigate or prevent potential cybersecurity threats and impacts.

DETECT

This stage involves defining and creating mechanisms to detect potential threats.

For example, this could be abnormal activity from a user which is identified by the implementation of a simple rule. Tools that track and predict user behaviour or trends could be used in this scenario. The abnormality would then be detected by your chosen cyber security tool and automatically displayed on a data visualisation dashboard.

RESPOND

Once the threat or abnormality is detected, there needs to be a defined response prepared to react to this activity. This could be a variety of procedures, based on the criticality of the asset, the behaviour detected, and more. Essentially, each response strategy should be tailored to each use case, asset and threat activity.

An example procedure could include investigating the cause of the behaviour to decide whether it is legitimate or not. If it is determined to be illegitimate, analysts can evaluate cyber activity before and after the event to further understand the threat and its context. The results of this intelligence will change the response that needs taken.

RECOVER

Finally, action needs to be taken after an event to both recover from the incident and ensure it doesn’t happen again. This would include action to rectify the incident’s impacts, evaluating the source of the incident for potential security weaknesses, and accordingly implementing new policies, security or infrastructure to improve your strategy – for example, introducing better threat detection capabilities.

REPEAT

While there are only five pillars in the NIST framework, the work isn’t done after recovery. The framework is designed to be a cycle where users continually go through all the steps to maintain, re-evaluate, and evolve their cyber security strategies to account for new assets, threats and changing cyber landscapes.

RELATED: Risk management in cyber security assessments

What are the benefits of a NIST framework?

The NIST framework provides benefits to both the organisations using them, and their respective customers. Primarily, it helps users build a strong and comprehensive cyber security strategy that accounts for all assets and potential risks.

But beyond this, there are various other benefits of using NIST to create your cyber security landscape:

Procedural Consistency

Using NIST, organisations will be implementing the same structure and procedures to identify and protect all use cases. This ensures that your cyber security is consistent throughout the organisation, departments and assets.

This reduces both gaps in your cyber security platform and reduces the chances of user mistakes or inconsistencies, for a stronger approach.

Eradicated Silos

With a consistent framework your security systems, tools and policies should be inherently linked. This also means data that was previously spread across your cyber environment, hidden in silos, is now contained in one singular environment.

This breaks down detrimental silos, fixing weaknesses that hackers can take advantage of in your digital landscape.

Compliance

The NIST framework and its recommendations are completely compliant. It ensures your policies and procedures are in accordance with regulations and helps you avoid liabilities if there is an attack.

Trust

In addition, with a good cyber security procedure in place, your customers, clients, stakeholders and employees will be assured your organisation is secure. And in the event of an attack, the NIST framework will ensure your data is better protected and prevent the negative fallouts of a leak.

Who uses a NIST cybersecurity framework?

Any business or organisation looking to introduce a new cyber security strategy or review their existing one can benefit from a NIST framework.

As a simple framework, it can be customised to different security needs and ensures your specific asset and cyber landscape is accounted for. By implementing NIST, businesses will be provided with the foundation level to begin deploying their own security processes and policies.

How can a business create a cybersecurity framework or strategy?

Creating a strategy is as simple as following the steps of the NIST or other frameworks. Doing this will help you identify all the key areas that need considered and established in any solid security strategy.

A simple NIST checklist to get you started:

  1. Identify all assets
  2. Regular update spreadsheet of assets
  3. Prioritise items to protect
  4. Dedicate investment into protecting these assets
  5. Identify how best to protect prioritised assets
  6. Create detection mechanisms for assets
  7. Determine response strategies for assets and use cases
  8. Apply tools to help you automate the detect and respond stages
  9. Establish recovery policies
  10. Repeat the cycle and make improvements or changes as needed

The important thing to remember is that all the steps need to be used together. Each informs and works off the other, so all need to be regularly maintained and sustained.

RiverSafe can help organisations identify, detect, protect, detect and respond. We will guide you through the process providing expert consultancy on how best to manage your assets, potential threats and security solutions. For recovery, we can help you establish an effective structure which you can implement in future.

Find out more about how our experts can help you implement a cyber security strategy, get in touch.

By Vinaya Sheshadri

Book a consultation

Arrange a cyber security or data operations consultation with the RiverSafe team today.