The NIST Cybersecurity Framework can be used to either develop or improve upon a cybersecurity programme. Given there are 108 sub-categories which define the framework, we recommend where possible, automating your programme. The main phases include assessments of your current profile and target profile, and based on the variances, establishing a roadmap of improvement actions.
Your conformance with the programme and priority areas can then be re-assessed as often as you like without the need to re-produce time intensive reports. At a high level, your programme should include at least the following outputs:
Respond and Recover Key Considerations
Much attention is paid to the three functions of “Identify”, “Protect” and “Detect”. But what if you suffer a cyber-attack? How prepared are you to “Respond” and “Recover”? These are the two functions that Incident Response and Forensic Technology specialists most commonly deal with. Regardless of your organisations cyber-security profile maturity, we recommend ensuring you have at least considered the following NIST recommendations:
- systems or assets affected by cybersecurity incidents.
- mprove response and recovery planning by incorporating lessons learned into future activities.
NIST Resources to Improve Forensic Preparedness
The NIST website provides numerous resources to assist with forensic procedures in the event of a cybersecurity incident. Examples include: ‘Computer Forensic Reference Data Sets’ consists of documented sets of simulated digital evidence for examination.