This is the third part of a six-part series on the NIST Cybersecurity Framework and the core functions of the framework. In the last two posts we covered the Identify and Protect functions, using the analogy of building a house. When you build a house, you start with a foundation for everything else to rest on (Identify). Next, you frame out the house and give it walls and a roof to keep you safe from the weather and other elements (Protect). Once the house is built, you put in items that alert you to pending danger or threats: smoke detectors, carbon monoxide detectors and a home alarm system. In that same analogy, this is the Detect function of the core.
Think about your house without smoke detectors. How would you know about a fire that could threaten the safety of you and your family? The Detect function works the same way: as the name implies, it helps you detect cybersecurity events and problems occurring on your network that you should investigate further.
NIST defines the Detect function as follows: “develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.” That seems straightforward, and in all honesty it is. The main goal of this function, as you probably guessed from the name and the NIST definition, is to discover cybersecurity events in a timely manner. Why such a focus on timeliness? According to Microsoft, the average attacker remains in a network for 146 days before being detected. More time inside the network means more problems, and it could mean more data lost.
In the Detect function there are only three categories, but they are incredibly important ones:
- Anomalies and Events (DE.AE): anomalous activity is detected in a timely manner and the potential impact of events is understood.
- Security Continuous Monitoring (DE.CM): the information system and assets are monitored at discrete intervals to identify cybersecurity events and to verify the effectiveness of protective measures.
- Detection Processes (DE.DP): detection processes and procedures are maintained and tested to ensure awareness of anomalous events.
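As an added example that is not part of the original post, here is what the Anomalies and Events and Security Continuous Monitoring categories look like at the smallest scale: a Python detection run over constructed, OpenSSH-style authentication log lines (the host name, addresses and timestamps are made up for this illustration) that flags a password-guessing burst, notes whether the attacker then got in, and reports how long the activity went on before the rule fired. The rule threshold of five failures within one minute is an assumption chosen for the illustration, not a value from NIST.

```python
from __future__ import annotations

import re
from collections import defaultdict, deque
from dataclasses import dataclass, replace
from datetime import datetime, timedelta

# Constructed sample log lines in syslog/OpenSSH style; not taken from any real host.
# One source (203.0.113.7) guesses passwords and then succeeds; alice just typos once.
SAMPLE_LOG = """\
2024-03-01T09:00:01 host1 sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
2024-03-01T09:00:03 host1 sshd[4102]: Failed password for root from 203.0.113.7 port 51001 ssh2
2024-03-01T09:00:05 host1 sshd[4103]: Failed password for root from 203.0.113.7 port 51002 ssh2
2024-03-01T09:00:07 host1 sshd[4104]: Failed password for root from 203.0.113.7 port 51003 ssh2
2024-03-01T09:00:09 host1 sshd[4105]: Failed password for root from 203.0.113.7 port 51004 ssh2
2024-03-01T09:00:12 host1 sshd[4106]: Accepted password for root from 203.0.113.7 port 51005 ssh2
2024-03-01T09:15:00 host1 sshd[4200]: Failed password for alice from 198.51.100.20 port 40000 ssh2
2024-03-01T09:15:30 host1 sshd[4201]: Accepted publickey for alice from 198.51.100.20 port 40001 ssh2
"""

# Matches the two sshd outcomes we care about; anything else is ignored by the parser.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    host: str
    outcome: str  # "Failed" or "Accepted"
    user: str
    src: str


@dataclass(frozen=True)
class Alert:
    src: str
    first_seen: datetime      # first failure in the burst (attacker activity begins)
    detected_at: datetime     # the event that tripped the rule
    failures: int
    followed_by_success: bool  # did the same source later log in?

    @property
    def time_to_detect(self) -> timedelta:
        """How long the activity was visible in the logs before the rule fired."""
        return self.detected_at - self.first_seen


def parse(lines) -> list[AuthEvent]:
    """Turn raw log lines into events; unrelated or malformed lines are skipped, not fatal."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append(AuthEvent(datetime.fromisoformat(m["ts"]), m["host"],
                                m["outcome"], m["user"], m["src"]))
    return events


def detect_bruteforce(events, threshold: int = 5,
                      window: timedelta = timedelta(minutes=1)) -> list[Alert]:
    """Sliding-window rule: alert once a source accumulates `threshold` failures inside
    `window`; afterwards, mark the alert if that source is ever accepted."""
    recent = defaultdict(deque)  # src -> timestamps of failures still inside the window
    alerts: dict[str, Alert] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.outcome == "Failed":
            q = recent[ev.src]
            q.append(ev.ts)
            while q and ev.ts - q[0] > window:  # drop failures that aged out
                q.popleft()
            if len(q) >= threshold and ev.src not in alerts:
                alerts[ev.src] = Alert(ev.src, q[0], ev.ts, len(q), False)
        elif ev.outcome == "Accepted" and ev.src in alerts:
            alerts[ev.src] = replace(alerts[ev.src], followed_by_success=True)
    return list(alerts.values())


if __name__ == "__main__":
    for a in detect_bruteforce(parse(SAMPLE_LOG.splitlines())):
        print(f"{a.src}: {a.failures} failures, success afterwards={a.followed_by_success}, "
              f"time to detect={a.time_to_detect}")
```

The point of keeping `first_seen` next to `detected_at` is that the gap between them is the dwell time the paragraph above is worried about: with this rule it is seconds, with no rule at all it is however long it takes someone to notice root logging in from an unfamiliar address. A real deployment would feed the same logic from a log collector rather than a string, and would tune the threshold and window to the environment.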
I know that I keep saying in each of these posts that the function at hand is important, and that is true; they are all very important. But to me, this one is critical. If we go back to our house analogy, why build a house if you aren't going to put anything in it to detect threats to it? You wouldn't build or buy a house and skip the smoke detectors that alert you to a possible fire, so why not invest in detecting cybersecurity events as quickly as possible? The threats keep coming. The only question that remains is whether you will be prepared.
To help you prepare, take a moment to download our Critical Security Controls eBook. If you are struggling to figure out where to start, it is a great place to begin, and if you want to strengthen your information security program, the controls are a solid baseline to evaluate your program against. Click here to download your copy today. Until next week, when we cover the Respond function, stay safe and don't let the hackers win!