What is NIST?
The National Institute of Standards and Technology (NIST) has divided cyber security into five core processes, which aim to provide a strategic picture of an organization’s risk management and its lifecycle in terms of cyber security.
The identification process helps develop an organizational understanding of managing cyber security risks with regard to systems, people, assets, information and capacities. To complete this process and succeed in identifying relevant risks, it is important to acquire complete insight into your digital and physical assets as well as their interconnections. Defined roles and responsibilities, an understanding of your current risks and exposures, and policies and routines to address these risks are also of utmost importance.
The protection process describes appropriate safeguards designed to reduce or mitigate the effects of a potential cyber security incident. Such safeguards may, for example, be the introduction of relevant organizational policies and guidelines or educational training of management and staff in information security issues. Other examples include setting requirements for procurement as well as for the development of IT systems, case management and management control. If you need help identifying your risks and threats and implementing security practices that are based on NIST, see our Identify & Implement Services.
It is not enough to just protect yourself; you must also be able to detect incidents that are potential or have already occurred. Do IT departments, subcontractors and various external service providers really do what they claim? The detection process helps organizations monitor and quickly identify threats that may be potential security incidents or incidents that have already occurred. If you need help detecting risks and threats in your ongoing security work, see our independent audit services.
RESPOND & RECOVER
If an incident occurs, organizations must be able to act quickly and respond before too much damage has occurred. With the use of proper measures, you will be able to return to normal operational activity sooner when an incident occurs. If you need assistance with how to act or recover when an incident occurs, see our incident management services.