Analecta Cyber Company Blog: The NIST Cybersecurity Framework Explained

2018-07-17

The NIST Cybersecurity Framework Explained


The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) has become an essential resource for U.S. businesses in developing a company-wide cybersecurity program. The guidance can be tailored to businesses of any size and has been recognized by many states and industry associations as a “best practice” for many business types.

Cybersecurity risks are a given that every business must face. According to the Ponemon 2017 State of Cybersecurity report, medium-sized businesses suffer average losses of $2.2M from a cyber attack. A single attack may paralyze business operations, damage stakeholder confidence and even close an affected business.

NIST developed the Cybersecurity Framework in order to support businesses and respond to a growing cyber threat. Gartner Research projects that by 2020, nearly 50 percent of U.S. organizations will be using the NIST Cybersecurity Framework.

NIST Cybersecurity Framework core functions


The following functions are the primary reference point to guide organizations and formulate a strategic plan that aims to bolster cybersecurity defense. These continuous functions help maintain your cybersecurity strategy in good standing.

Identify. Complying with the Identify function requires an inventory of your company’s digital and physical assets. It includes knowing which pieces of the infrastructure are at risk or exposed to common cyber threats. A software inventory will also be important for managing updates.

Protect. During a threat, safeguarding critical assets should be the first priority. Direct control of physical assets will mitigate the impact of an intrusion. Protective technologies go hand in hand with cyber resiliency and are necessary in keeping the company true to its mission.

Detect. Organizations must have the capability to detect and identify potential cybersecurity threats in compliance with this function. The process enables the company to implement an action plan to respond to the impending threat.

Respond. Cybersecurity incidents strike at any time of the day or night. Your organization must be ready to take appropriate actions when these happen. With your preselected response team, execute your incident response plan and mitigation activities to stop the threat and prevent further damage.

Recover. When an attack penetrates your organization’s defense, pre-determined contingency activities are implemented to continue normal operations. Incident recovery teams gather evidence, data points and lessons learned. These are translated into knowledge for potential future events.

How small businesses benefit from the NIST Cybersecurity Framework


When it comes to cybersecurity solutions, the NIST Cybersecurity Framework is an excellent resource for developing a new cybersecurity program or bolstering an already existing program. It is designed to assist a business in identifying risk and developing mitigations and response capabilities. By following these guidelines, you will be better equipped to face malicious threats and any manner of cyber incident. By using the NIST CSF, business leaders are able to identify areas that need improvement and implement new strategies and practices that make sense for their business.

As you integrate the framework into your cybersecurity programs, progress is measured by implementation tiers, from partial to adaptive. The framework can be customized to fit your risk management processes and organizational needs. The implementation tiers are used to evaluate the maturity of the cybersecurity program.

Step-by-step instructions on how to take action


The Analecta Cyber NIST Cybersecurity Framework Blog Series is a weekly production that tackles the discussion of implementing many of the facets brought about through the NIST CSF.

This blog series is designed to give you helpful information for implementing a cybersecurity program based on the NIST CSF. We want to show respectful consideration for your time and focus on developing clear, friendly, helpful information that is concise yet actionable.

These posts will:
  • Explain the physical threat that is present, using statistics, reports and real-life experience.
  • Capture “why” it is important to protect against this threat, usually leading to preventing loss of revenue as well as maintaining credibility, integrity and availability of your data.
  • Discuss the positive impact that conscious decisions of implementation can make.
  • Explain “how” the protection can be implemented, using technical language familiar to our audience but also using this as a learning experience to educate.

Our authors look to integrate our blog content with current events or other topics of interest. If you have topics that you can’t seem to find info on, let us know, and we’ll reach out to you or blog about it.

Our goal is to be a resource on your road to improving cybersecurity. Any business can improve its cyber resilience and we’re honored to be a part of that journey with you.

Analecta Cyber is a Maryland-based cybersecurity firm providing cyber risk assessments for small and medium-sized businesses. Analecta is a trusted partner to help companies achieve their cybersecurity objectives.
