Skip to main content
Tulane Home Tulane Home

Title

NIST Cybersecurity Framework: 5 Essential Phases for Optimal Security

A bearded male cybersecurity professional examines code on three monitor displays.

Modern technologies such as the internet, wireless communication devices, and cloud storage make data sharing easier than ever before. As a result, a vast amount of information is available to be used — and potentially abused, if it falls into the wrong hands. Say a company collects details from customers who buy its products online, including their address, phone number, and credit card information. If the company is hacked, this sensitive information may be used for criminal purposes. In response to such risks, a branch of IT practice known as cybersecurity has developed.

Cybersecurity encompasses the tools and processes needed to protect computer-driven systems, networks, and programs from digital attacks, also known as cyberattacks. Such cyberattacks may seek to access sensitive information, as just described, to extort money from persons or organizations, or to simply disrupt day-to-day business operations. The National Institute of Standards and Technology, or NIST, cybersecurity framework is the gold standard used by organizations to establish the fundamental controls and processes needed for optimum cybersecurity. This article will explain what the NIST framework is and how it is implemented.

Defining the NIST Cybersecurity Framework

The NIST framework encourages the application of risk management principles and cybersecurity best practices. It is used across all industries and by enterprises of all sizes, from small nonprofit organizations to major corporations, to establish resilient cybersecurity infrastructure and minimize the likelihood of breaches. In addition to serving as the preeminent guideline for good cybersecurity preparedness, it also provides a common language for these diverse enterprises to use when cyberattacks occur. Although it is not legally required, the framework is used voluntarily by many organizations, thanks to the high standard it sets for cybersecurity infrastructure.

According to NIST, the framework’s first version was issued in 2014 in response to a presidential executive order calling for improved critical infrastructure cybersecurity. It was developed by NIST in collaboration with private-sector participants from the cybersecurity industry and academic institutions. The aim was to standardize attempts at implementing cybersecurity measures across industries. The framework’s utility was subsequently emphasized by the Cybersecurity Enhancement Act of 2014, which “calls on NIST to facilitate and support the development of voluntary, industry-led cybersecurity standards and best practices for critical infrastructure.”

Today, NIST continues to heed this call, working with stakeholders nationally and internationally to raise awareness about the framework. The latest version, V1.1, was released in April 2018.

The Cybersecurity Framework’s 5 Pillars

The NIST cybersecurity framework is built on five pillars, which form the basis of all successful cybersecurity programs. These five core functionalities are at the highest level of abstraction the framework presents. They must all be carried out simultaneously and on an ongoing basis in order to keep up with an organization’s ever-evolving cybersecurity needs. The cybersecurity framework’s five pillars follow.

Identify

This pillar involves identifying an organization’s so-called critical functions and what cybersecurity risks could impede those functions. For example, if a business collects payments from customers online, the secure collection of this data is a critical function; without it, the business cannot continue to sell its products. The function covers different categories, such as the business environment, which refers to the organization’s objectives, activities, and stakeholders, and asset management, the systems, data, devices, facilities, and employees needed to achieve a critical function.

Protect

This function focuses on containing a cybersecurity breach’s potential impact. Once critical functions are identified, businesses can prioritize them — and subsequently prioritize their cybersecurity efforts accordingly. The protect function defines the safeguards a business must have in place to make sure that critical functions along with their relevant components, such as systems and employees, are safe. It encompasses six steps: 1) limit access to compromised assets, 2) educate the organization's personnel, 3) manage the company's information according to a defined risk strategy, 4) use security procedures to protect the organization's systems and data, 5) perform necessary maintenance and repairs, and 6) make use of protective technology solutions.

Detect

This function’s aim is to assess whether a company’s systems are compromised so that action can be taken if needed. The function analyzes how the organization’s cybersecurity team determines a breach has happened.

Respond

If a breach is detected, the team must respond to it quickly. The longer a cyberattack continues, the more damage critical functions may be exposed to. The respond function aims to minimize damage by promoting a rapid response. It outlines the actions that the team can and should perform depending on the cybersecurity breach’s severity and type.

Recover

The recover function aims to get back any data that might have been lost as a result of a breach or attack. It also deals with restoring services to critical systems that may have been damaged because of the incursion. It further provides a chance to identify what activities will support the organization's cybersecurity infrastructure resilience in the future. In addition to recovery planning and determining where improvements can be made, the recover function also requires communicating with both internal and external stakeholders (for example, employees and customers) regarding the incident.

Implementing the Framework

Each of the above functions encompasses a specific set of actions. Taken together, they offer a holistic strategy for organizations to better understand, manage, and prevent cybersecurity risks. If an organization wants to meet high standards of cybersecurity, it must address all five functions of the NIST cybersecurity framework. This can be done in several ways. NIST outlines a manufacturing profile development approach as one option for a manufacturing organization to implement cybersecurity controls; this serves as a useful case study to demonstrate just how detail-oriented a comprehensive cybersecurity framework must be.

The manufacturing profile development approach is based on a manufacturing business’s defined objectives in the face of security threats — including the need to maintain human safety, product quality, and trade secrets. For example, an auto manufacturer can identify its critical functions according to these overarching goals. To identify critical components in a manufacturing system, the manufacturer must first take an inventory of all system parts, from network switches to machine tools, and then determine what information is needed to account for each component (for instance, manufacturer, serial number, and physical location). Protecting a specific component in the face of a cybersecurity breach could require deactivating system access and/or user credentials. To detect a breach, the manufacturer might establish a network operations baseline that outlines how data is expected to flow within the manufacturing system. If discrepancies arise, the manufacturer will be able to identify them according to this detection plan and can then execute a response plan. Finally, a recovery plan will involve restoring the manufacturing system. This is just one example of the large amount of work that goes into creating such a framework.

SoPA’s Role in Preparing Professionals for the NIST Cybersecurity Framework

The Tulane University School of Professional Advancement (SoPA) provides useful training for those interested in cybersecurity careers. The MPS in Cybersecurity Management teaches students how to carry out core NIST cybersecurity framework functions, including how to identify security risks, formulate preventative security controls, and implement organizational cybersecurity. A graduate certificate in cyberdefense covers courses such as Data and Database Security and Cyber Incident Response and Forensics. Discover more about this exciting curriculum online.

Recommended Readings
Data Protector: How Prof. Martin Heyder Is Introducing Students to Data Security Careers
IT Leaders: 6 Essential Skills to Help Develop Your Team
5 Cybersecurity Policy Trends

Sources
CISCO, What Is Cybersecurity?
IS Partners, “The NIST Cybersecurity Framework: An Introduction to the 5 Functions”
NIST, “Cybersecurity Framework Manufacturing Profile”
NIST, “Cybersecurity Framework Questions and Answers”
Security Magazine, “5 Steps to Turn the NIST Cybersecurity Framework into Reality”

All Blogs