Skip to content
Home

Function (NIST CSF 2.0)

The NIST Cybersecurity Framework (CSF) 2.0 organizes cybersecurity activities into six high-level functions that guide organizations in managing and reducing cyber risk. Govern provides strategic oversight, policies, and accountability structures to integrate cybersecurity into organizational decision-making. Identify focuses on understanding assets, business environment, and risk landscape to prioritize protective efforts. Protect involves implementing safeguards such as access controls, encryption, and secure configurations to prevent or limit the impact of cyber events. Detect emphasizes timely discovery of anomalies and potential incidents through monitoring and threat intelligence. Respond outlines processes for containing, mitigating, and communicating during incidents to minimize damage. Finally, Recover addresses restoring capabilities and services after an event to maintain business continuity. Together, these six functions provide a comprehensive, flexible, and risk-based approach to cybersecurity management.

NIST IR 8374 Rev. 1 Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile

The “Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile” is a NIST publication that provides organizations with a practical guide to managing ransomware risks using the updated NIST Cybersecurity… Read More »NIST IR 8374 Rev. 1 Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile

CSA Cloud Adversarial Vectors, Exploits, and Threats (CAVEaT™): An Emerging Threat Matrix for Industry Collaboration

The Cloud Security Alliance’s (CSA) Cloud Adversarial Vectors, Exploits, and Threats (CAVEaT™) is an emerging, cloud-centric threat matrix designed to address the unique and rapidly evolving security risks in cloud… Read More »CSA Cloud Adversarial Vectors, Exploits, and Threats (CAVEaT™): An Emerging Threat Matrix for Industry Collaboration

MITRE CAPEC – Common Attack Pattern Enumeration and Classification Version 3.9

The MITRE Common Attack Pattern Enumeration and Classification (CAPEC) is a publicly available, comprehensive catalog that documents and categorizes common attack patterns used by adversaries to exploit software and systems.… Read More »MITRE CAPEC – Common Attack Pattern Enumeration and Classification Version 3.9