DevNet Associate DEVASC 200-901 Official Certification Guide by Adrian Iliesiu


IDENTIFYING POTENTIAL RISKS


The National Institute of Standards and Technology
(NIST) defines a framework called the Cybersecurity
Framework that is shown in Figure 14-1. The framework
organizes necessary cybersecurity activities into the
following functions:


Identify: An organization needs to understand what kinds of cybersecurity risks can affect daily modes of operation. Areas such as data theft, network breaches, and employee information are some of the risks that need to be identified.

Protect: An organization needs to understand what it can do to prevent attacks. Protection could include deploying proper networking elements such as firewalls and tools for better software development. Protection helps minimize the impact of any attack.

Detect: It is important to install tools that detect any data breaches or attacks in a time-sensitive manner or while attacks are happening.

Respond: An organization needs to have a plan in place to deal with an attack. It needs to know what procedures need to be followed and what can be done to minimize the impact of an attack.

Recover: An organization needs to be able to quickly resolve any services or systems that have been affected.

Figure 14-1 NIST Cybersecurity Framework


For more details about the Cybersecurity Framework, visit https://www.nist.gov/cyberframework/online-learning/components-framework.
