- Contact Us
The third function that will be discussed is Detect. After we have identified the assets within our organization and have implemented ways on how to protect those assets, we need to implement measure on how to Detect cybersecurity incidents that may occur. This can be achieved with using multiple monitoring systems like Intrusion Detection & Prevention Systems (IDS/IPS), File Integrity Monitoring (FIM) or even good old log reviews.
The NIST Cybersecurity framework defines the Protect category as; "Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event." The Detect function is further broken down into three categories (outlined below) which identify specific areas that organizations should consider in their risk management analysis. Of the 98 subcategories within the NIST Cybersecurity framework, 18 are addressed within the Detect function.
Within the 18 subcategories, establishing a baseline for the environment needs to be determined, alerting thresholds must be determined, and vulnerability scans need to be performed, are just a few of the requirements that need to be addressed within this function. Along with setting up and implementing these monitoring mechanisms it is important to remember that testing should occur on a regular basis to verify that the controls that have been implemented are working as desired and enhanced as needed. Organizations can spend thousands of dollars on detection mechanisms but if thresholds are set to low or to high, what good is the mechanism really doing?
If this blog peaked your interest and you can’t wait until the next installment, feel free to download a copy of the framework at the official website https://www.nist.gov/framework. Also, in April NIST made some updates to the Cybersecurity Framework based on feedback they received and the changes in the threat landscape. For our May webinar, I will be presenting on the framework itself, the changes to the framework, and what these changes mean for your organization. Here are the details as well as a link to register below:
What: Changes to the NIST Cybersecurity Framework Webinar
When: Tuesday May 29th @ 2:00 PM EST
Duration: 30-Minutes plus Q&A Session
If you are concerned about clicking on an image, please copy and paste the following link into your browser to register: https://www.bigmarker.com/compass-it-compliance-llc/Updates-to-the-NIST-Cybersecurity-Framework