Skip to content
    Home / Function (NIST CSF 2.0)

    Function (NIST CSF 2.0)

    The NIST Cybersecurity Framework (CSF) 2.0 organizes cybersecurity activities into six high-level functions that guide organizations in managing and reducing cyber risk. Govern provides strategic oversight, policies, and accountability structures to integrate cybersecurity into organizational decision-making. Identify focuses on understanding assets, business environment, and risk landscape to prioritize protective efforts. Protect involves implementing safeguards such as access controls, encryption, and secure configurations to prevent or limit the impact of cyber events. Detect emphasizes timely discovery of anomalies and potential incidents through monitoring and threat intelligence. Respond outlines processes for containing, mitigating, and communicating during incidents to minimize damage. Finally, Recover addresses restoring capabilities and services after an event to maintain business continuity. Together, these six functions provide a comprehensive, flexible, and risk-based approach to cybersecurity management.

    ISO/IEC 27003:2017 Information technology — Security techniques — Information security management systems — Guidance

    ISO/IEC 27003 provides detailed guidance for organizations on how to implement an Information Security Management System (ISMS) based on the requirements of ISO/IEC 27001. It covers the entire process from… Read More »ISO/IEC 27003:2017 Information technology — Security techniques — Information security management systems — Guidance

    ISO/IEC 27004:2016 Information technology — Security techniques — Information security management — Monitoring, measurement, analysis and evaluation

    ISO/IEC 27004 is an international standard that provides guidelines for monitoring, measuring, analyzing, and evaluating the performance and effectiveness of an Information Security Management System (ISMS) based on ISO/IEC 27001.… Read More »ISO/IEC 27004:2016 Information technology — Security techniques — Information security management — Monitoring, measurement, analysis and evaluation

    NIST SP 800-39 Managing Information Security Risk: Organization, Mission, and Information System View

    NIST SP 800-39 serves as the overarching flagship for information security risk management, providing the high-level governance necessary to align cybersecurity efforts with an organization’s core mission and business objectives.… Read More »NIST SP 800-39 Managing Information Security Risk: Organization, Mission, and Information System View