Skip to content
Home

Function (NIST CSF 2.0)

The NIST Cybersecurity Framework (CSF) 2.0 organizes cybersecurity activities into six high-level functions that guide organizations in managing and reducing cyber risk. Govern provides strategic oversight, policies, and accountability structures to integrate cybersecurity into organizational decision-making. Identify focuses on understanding assets, business environment, and risk landscape to prioritize protective efforts. Protect involves implementing safeguards such as access controls, encryption, and secure configurations to prevent or limit the impact of cyber events. Detect emphasizes timely discovery of anomalies and potential incidents through monitoring and threat intelligence. Respond outlines processes for containing, mitigating, and communicating during incidents to minimize damage. Finally, Recover addresses restoring capabilities and services after an event to maintain business continuity. Together, these six functions provide a comprehensive, flexible, and risk-based approach to cybersecurity management.

ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements

ISO 27001 is an internationally recognized standard that provides a comprehensive framework for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS) within any organization. Its primary goal… Read More »ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements

NIST SP 800-37 Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy

NIST Special Publication 800-37, Revision 2, titled “Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy,” provides comprehensive guidelines for applying the… Read More »NIST SP 800-37 Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy

ISO/IEC 27000:2018 Information technology — Security techniques — Information security management systems — Overview and vocabulary

The ISO 27000 standard provides an overview and introduction to the ISO 27000 family, which is a series of international standards focused on information security management systems (ISMS). These standards… Read More »ISO/IEC 27000:2018 Information technology — Security techniques — Information security management systems — Overview and vocabulary

ISO/IEC 27003:2017 Information technology — Security techniques — Information security management systems — Guidance

ISO/IEC 27003 provides detailed guidance for organizations on how to implement an Information Security Management System (ISMS) based on the requirements of ISO/IEC 27001. It covers the entire process from… Read More »ISO/IEC 27003:2017 Information technology — Security techniques — Information security management systems — Guidance