Functions of Cyber Security
Let's learn about the Cybersecurity Framework's five Functions, which are the key pillars of a holistic and successful cyber security program. These five functions sit at the highest level of abstraction in the framework and act as its backbone. This section explains the value of the functions within the framework and builds on the material introduced in the Components of the Framework module. The five functions in the framework core are:
- Identify
- Protect
- Detect
- Respond
- Recover
Identify
The Identify Function helps an organization develop an understanding of how to manage cyber security risk to people, systems, assets, capabilities, and data. This function defines the risks on which an organization must focus, so that it can prioritize its efforts in line with its business needs and risk management strategy. It identifies the resources that support critical functions in the business context.
Tasks performed by the Identify function in an organization:
- It identifies the cyber security policies established within the organization, along with the legal and regulatory requirements the organization must meet.
- It establishes the basic structure of an asset management program within an organization by identifying all the software and physical assets.
- It identifies the business environment the organization supports, including the organization's place in critical infrastructure and its role in the supply chain.
- It supports the organization's risk assessment by identifying risk response activities.
- It also identifies threats to internal and external organizational resources, and asset vulnerabilities.
- Risk management strategies are also identified, including establishing risk tolerances.
- It identifies the organization's supply chain risk management, which includes:
  - priorities
  - risk tolerance
  - constraints
  - assumptions used to support risk decisions
Protect
The Protect Function in the cyber security framework outlines appropriate safeguards to ensure the delivery of critical infrastructure services. It limits cyber security events and contains their impact.
The Protect function performs the following tasks:
- It protects identity management and access control within the organization, including remote and physical access.
- It empowers staff through awareness and training, including privileged user and role-based training.
- Organizational resources are protected through remote maintenance activities.
- It implements information protection processes and procedures to maintain and manage the protection of assets and information systems.
- It manages protective technology, consistent with organizational procedures, policies, and agreements, to ensure the resilience and security of assets and systems.
- It protects the integrity, confidentiality, and availability of information by establishing data security protection consistent with the company's risk strategy.
Detect
The Detect Function of the cyber security framework defines the activities that detect the occurrence of a cyber security event in a timely manner.
The Detect function performs the following tasks:
- It detects events and anomalies and their potential impact.
- It implements continuous security monitoring capabilities to monitor cyber security events and verify the effectiveness of protective measures, including physical and network activities.
- It maintains the detection process to provide awareness of anomalous events.
Respond
The Respond Function is designed in the framework to take appropriate action through appropriate activities when a cyber security incident is detected. It records and responds to the impact of a potential cyber security incident.
The Respond function performs the following tasks:
- It implements the response planning process during and after an incident.
- It manages communications during and after an event with external and internal stakeholders, law enforcement, etc.
- It performs mitigation activities to prevent an event from expanding and to resolve the incident.
- It conducts analysis to determine the impact of incidents and ensure an effective response. This analysis, including forensic analysis, also supports recovery activities.
- It implements improvements by incorporating lessons learned from previous and current response and detection activities.
Recover
The Recover Function in the cyber security framework reduces the impact of a cyber security incident through timely recovery to normal operations, and identifies appropriate activities to maintain plans for resilience. This function also restores services and capabilities that were diminished by a cyber security incident.
The Recover function performs the following tasks:
- It implements recovery planning processes and procedures in an organization to restore assets and systems affected by cyber security incidents.
- It reviews existing strategies and implements improvements based on lessons learned.
- After a cyber security incident, it coordinates internal and external communications for the recovery phase.