TyroCity

Discussion on: Risk Management and Mitigation risks

Angel Paudel

The National Institute of Standards and Technology (NIST) in the year 2014 released a document titled "Framework for Improving Critical Infrastructure Cybersecurity" which contained guidelines, acceptable practices, and standards to manage and mitigate the risks associated with security, identify threats, assess vulnerabilities and implement controls. The five core functions NIST put forth were identify, protect, detect, respond and recover. Each of these is explained a bit in the paragraphs to follow:

Identify is key to any kind of security. Without identifying the possible threats, no solution can be devised. To oblige with this function, an organization must have a panopticon view of all the physical assets, their interlinkages and digital assets and their footprint (Kerfoot, 2012). They should also have a clear idea about the user types and their roles. Once that’s done, it’s more of identifying the threats - internal, external human-related and natural.

Once the threat(s) are identified, it’s important to protect against those threats by devising proper safeguards against them. The organization can run an awareness program for its staff so they are aware of some standard protocols and what they should do in case they see a suspicious email, message, link or anything else which is just not called for. Processes should be set to protect the data and keep the system updated. The organization must have full access to both physical and digital assets with a proper policy in place to protect them.

Next is to detect the threats in the system. Under this, identification of the occurrence of cybersecurity takes place. Continuous monitoring of the network and organizational structure helps anticipate cyber incidents and hunt for threats in the system. This also provides a very effective way to analyze and to prevent cyber incidents in an organization.

Even with all the protection in place, if a security breach happens, the organization must respond to the incident to contain the impact. As part of it, an organization must be ready with appropriate plans for communication and workflow. After that, scan through the system for risks and perform all the activities to nullify the risk. Document the steps taken and lessons learned from the incident. Place all those into a revised response strategy (Tagarev, 2014).

Once the threat is nullified, it’s time to recover the system and restore it to the original state. During the cybersecurity incident, the system or service may be compromised, and some functionality may not be working as it should. The organization now needs to restore all those functionalities to their functional state. For this, an organization must have a proper restoration plan, be it with proper backup or with external assistance.

References

Kerfoot, T. (2012). Cybersecurity: Towards a Strategy for Securing Critical Infrastructure from Cyberattacks. SSRN Electronic Journal, 1-7.

Tagarev, T. (2014). Intelligence, Crime and Cybersecurity. Information & Security: An International Journal, 31, 5-6.