In a recent blog, Tracy Martin prepared an overview and introduction to the NIST Cybersecurity Framework. This framework is utilized by countless organizations to define their policy and procedures, and for good reason. At Intrinium, we work to ensure that we are staying up to date on NIST and how to best align it with your business goals in an ongoing basis (remember, the framework is not compliance!).
In my work on security operations, my focus has naturally been focused on the NIST requirements met by monitoring. The sections that are particularly relevant are:
Protect. In this section, the focus is on developing and implementing the appropriate safeguards to ensure the delivery of critical infrastructure services and limit any potential damage that a cybersecurity event may have. This involves controlling access to assets, providing training and education to employees, and deploying the protective technology.
Detect. In this section, the focus is on developing and implementing the network monitoring activities that help to identify the occurrence of a security event.
Respond. In this section, the focus is on developing and implementing the appropriate response activities when a potential security event is detected. Response plans should be developed and include communication procedures as well as methods to collect and analyze information about the event.
These functions are best served by having a Security Operations Center (SOC). A well-built SOC will not only operationalize your protection, detection, and response through monitoring but ensure that alerts are handled for the full life cycle. At the bare minimum, NIST requires you to have continuous monitoring which is best accomplished with a Security Information and Event Management (SIEM) solution. You can then ensure that you are mapping your coverage to your risk tolerance and most important assets.
One of the goals of operational security is to ensure that you are protecting assets properly and efficiently – whether that is within the context of NIST or just best practice, we strongly recommend having the right people to drive your business towards success.