NIST Cybersecurity Framework | Cybersecurity Insights #4

Hey everybody! It’s Josh from Absolute. We’re going to start taking a look at the NIST Cybersecurity Framework. I’ll go into all five pillars of NIST in future episodes but for now, let’s do a quick overview.

[MUSIC]

The NIST CSF calls for actions any IT and security team can do to create resilience-by-default. Those actions are: Identify, Protect, Detect, Respond and Recover.

First up, Identify: See everything. But this is not just an inventory of resources… We need to put our finger on hidden weaknesses and vulnerabilities. 99% of successful attacks hit existing vulnerabilities that were either hidden or unresolved.

Number 2: Protect or… build a moat. The Protect pillar gives us techniques to safeguard data: Access Controls to solve overly permissive pathways to the goods. Data security to blanket information and prevent its escape. Protective technology so we don’t have to do all of this by hand. And Training to keep our users in the know about cybersecurity principles. They simply do not know what you know. Teach them, and everyone wins.

Number 3: Detect, which invites us to go looking for trouble. Once we have a strong baseline — identify and protect — we can fine-tune what makes something an anomaly. Then, watch the baseline with a keen eye to see if anomalies pop up. Reflect on what we’ve found, so we can get better at our powers of detection.

Number 4: Be responsive. The Respond pillar shows us how to plan, communicate, analyze, mitigate, and improve Incident Response. Response planning and communication give us the connective tissue that helps defuse security incidents. With analysis and mitigation directed toward the goal of swift recovery.

And 5: Recover. This is where we iterate and adapt. NIST pushes us to learn from what’s happened and adjust controls to bounce back stronger than ever. By questioning assumptions, taking our new hard-won knowledge of what can happen, we influence security measures that will help protect us against an unknown future.

Putting the NIST CSF in place can lead to acute anxiety and fear. These are base instincts that are part of being human; we fear what we don’t understand. But… as you’ll see in later episodes, the NIST CSF is only formalizing what you’ve done for years. This is nothing new. And there’s nothing to fear. Nothing.

Remember to like this episode and subscribe to get the rest of the story. I’ll see you next time.


  1. Looking to learn more about NIST CSF? Check out our blog to find out what you may be missing.

  2. Thanks for the nice and brief video.
    "Watch the baseline with a keen eye to see if anomalies pop up" – am not sure CSF at its framework's capabilities level can handle this though. The keen eye to observe an anomaly popping up has to come from operation level.
