
NIST CSF core functions: Detect

Introduction

The National Institute of Standards and Technology’s Cybersecurity Framework, or NIST CSF, was first published in 2014 to provide guidance for organizational cybersecurity defenses and risk management. The framework is known for its flexibility and open-endedness, which let organizations of different sizes, sectors and risk profiles adapt it to their own needs.

At its center, the NIST CSF comprises five core functions. This article details the third of these, Detect: it briefly reviews the five core functions, explains what the Detect function is, and walks through the outcome categories and subcategory activities that make up this function.

What is the NIST CSF Framework core?

The Framework core is a set of recommended activities designed to achieve specific cybersecurity outcomes. It is intended as guidance, not as a checklist to be completed item by item.

The Framework core is composed of five functions that work together to achieve the outcomes mentioned above. These elements are:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

What is the Detect function?

Many experts describe the previous functions, Identify and Protect, as the foundation and frame of a house. Continuing that analogy, the Detect function has been affectionately compared to the homeowner stocking the house with items that detect or warn of danger inside it, such as smoke detectors and a home alarm system.

NIST defines the Detect function as “(to) develop and implement appropriate activities to identify the occurrence of a cybersecurity event.” The focus of the Detect function is the organization’s ability to discover cybersecurity events in a timely manner. Timeliness is emphasized because the longer an attack continues undetected, the more likely it is to inflict data loss and other damage on the organization’s systems, information and overall environment.
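To make the timeliness point concrete, the following is an added example and not code from the original post or from NIST: a minimal continuous-monitoring check that reads SSH-style authentication log lines, flags a burst of failed logins from one source as a cybersecurity event, escalates if that source then logs in successfully, and reports how long the activity went on before it was detected. The log lines, the threshold of five failures per 60 seconds, and the function names are all assumptions chosen for illustration; the IP addresses come from documentation ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample log (not real data): one source brute-forces root and
# eventually succeeds; a second source has a single typo'd password.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 51022
2024-03-01T10:00:03Z sshd[2202]: Failed password for invalid user admin from 203.0.113.9 port 51023
2024-03-01T10:00:05Z sshd[2203]: Failed password for root from 203.0.113.9 port 51024
2024-03-01T10:00:08Z sshd[2204]: Failed password for root from 203.0.113.9 port 51025
2024-03-01T10:00:11Z sshd[2205]: Failed password for root from 203.0.113.9 port 51026
2024-03-01T10:00:14Z sshd[2206]: Accepted password for root from 203.0.113.9 port 51027
2024-03-01T10:02:30Z sshd[2207]: Failed password for alice from 198.51.100.4 port 40011
2024-03-01T10:05:00Z sshd[2208]: Accepted publickey for alice from 198.51.100.4 port 40012
"""

# Matches the sshd "Failed password"/"Accepted publickey" style of line used above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \w+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def parse(line):
    """Return (timestamp, result, user, source) for a recognised line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["result"], m["user"], m["src"]


def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Streaming detection over log lines.

    Raises a 'brute_force' alert the moment `threshold` failures from one
    source fall inside `window`, and a 'possible_compromise' alert if that
    source later authenticates successfully. Each alert records when the
    activity began and how long it took to detect (the dwell time).
    """
    failures = defaultdict(deque)  # src -> timestamps of recent failures
    flagged = {}                   # src -> first failure of the flagged burst
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, src = rec
        if result == "Failed":
            q = failures[src]
            q.append(ts)
            # Drop failures that have aged out of the sliding window.
            while q and ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged[src] = q[0]
                alerts.append({
                    "kind": "brute_force", "src": src, "user": user,
                    "first_seen": q[0], "detected_at": ts,
                    "time_to_detect": ts - q[0],
                })
        elif result == "Accepted" and src in flagged:
            alerts.append({
                "kind": "possible_compromise", "src": src, "user": user,
                "first_seen": flagged[src], "detected_at": ts,
                "time_to_detect": ts - flagged[src],
            })
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a['kind']:20} src={a['src']:13} user={a['user']:6} "
              f"time_to_detect={a['time_to_detect'].total_seconds():.0f}s")
```

Run on the constructed log, the check fires ten seconds into the burst and escalates three seconds later when the successful root login arrives; the single failure from 198.51.100.4 never reaches the threshold and stays silent. Raising the threshold or shortening the window reduces false positives but lengthens the interval between the first malicious action and the alert, which is exactly the trade-off the Detect function asks an organization to decide deliberately rather than by accident.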

Outcome categories and subcategory activities

Each Framework function is composed of outcome categories that (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/A8KP2j_fJEY/