In the past two blog posts, we've been diving into the framework functions. So far, we've covered the NIST Identify function and Protect function. Now, we move on to the third core function of the framework: Detect.
[Webinar with Cybersecurity Influencers: The Benefits of Frameworks and Standards HERE]
The National Institute of Standards and Technology or NIST defines the framework core as "a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. The NIST CSF Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level".
The detect function requires that you develop and implement an appropriate risk management strategy to identify the occurrence of a cybersecurity event. Your strategy should include coordination with key internal and external stakeholders.
"The detect function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes".
The detect function is a critical step to a robust cyber program - the faster you can detect a cybersecurity event, the faster you can mitigate the effects of it. Examples of how to accomplish steps towards a thorough detect function are as follows:
Clearly, the detect function is one of the most important, as detecting a breach or event can be life or death for your business. There is no doubt that following these best practices and implementing these solutions will help you scale your program and mitigate cybersecurity risk with comprehensive risk management decisions. In our next blog post, we will explore the respond function.