Skip to content
Home

Function (NIST CSF 2.0)

The NIST Cybersecurity Framework (CSF) 2.0 organizes cybersecurity activities into six high-level functions that guide organizations in managing and reducing cyber risk. Govern provides strategic oversight, policies, and accountability structures to integrate cybersecurity into organizational decision-making. Identify focuses on understanding assets, business environment, and risk landscape to prioritize protective efforts. Protect involves implementing safeguards such as access controls, encryption, and secure configurations to prevent or limit the impact of cyber events. Detect emphasizes timely discovery of anomalies and potential incidents through monitoring and threat intelligence. Respond outlines processes for containing, mitigating, and communicating during incidents to minimize damage. Finally, Recover addresses restoring capabilities and services after an event to maintain business continuity. Together, these six functions provide a comprehensive, flexible, and risk-based approach to cybersecurity management.

NIST IR 8286 Integrating Cybersecurity and Enterprise Risk Management (ERM)

NIST IR 8286 Rev. 1, Integrating Cybersecurity and Enterprise Risk Management (ERM), provides a strategic framework for bridging the gap between technical security operations and high-level business decision-making. It emphasizes… Read More »NIST IR 8286 Integrating Cybersecurity and Enterprise Risk Management (ERM)

NIST IR 8286A Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

NIST IR 8286A Rev. 1, Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management, serves as a specialized companion to the main framework by providing deep-dive methodologies for the initial… Read More »NIST IR 8286A Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

NIST IR 8286C Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

NIST IR 8286C Rev. 1, Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight, completes the risk management cycle by detailing how prioritized risks are formally communicated and acted… Read More »NIST IR 8286C Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

NIST IR 8286D Using Business Impact Analysis to Inform Risk Prioritization and Response

NIST IR 8286D, Using Business Impact Analysis to Inform Risk Prioritization and Response, bridges the gap between traditional Business Impact Analysis (BIA) and modern cybersecurity risk management. It provides a… Read More »NIST IR 8286D Using Business Impact Analysis to Inform Risk Prioritization and Response

NIST SP 800-221 Enterprise Impact of Information and Communications Technology Risk: Governing and Managing ICT Risk Programs Within an Enterprise Risk Portfolio

NIST SP 800-221 serves as the critical functional bridge between enterprise-level strategy and technical delivery, focusing on the Enterprise Impact of Information and Communications Technology (ICT) Risk. It moves beyond… Read More »NIST SP 800-221 Enterprise Impact of Information and Communications Technology Risk: Governing and Managing ICT Risk Programs Within an Enterprise Risk Portfolio

ISO/IEC 27005:2022 Information security, cybersecurity and privacy protection — Guidance on managing information security risks

ISO/IEC 27005 is an international standard that provides comprehensive guidelines for information security risk management, forming a key part of the ISO/IEC 27000 family of standards. It outlines a structured… Read More »ISO/IEC 27005:2022 Information security, cybersecurity and privacy protection — Guidance on managing information security risks

NIST SP 800-39 Managing Information Security Risk: Organization, Mission, and Information System View

NIST SP 800-39 serves as the overarching flagship for information security risk management, providing the high-level governance necessary to align cybersecurity efforts with an organization’s core mission and business objectives.… Read More »NIST SP 800-39 Managing Information Security Risk: Organization, Mission, and Information System View