Today we are continuing our discussion on reasonable cybersecurity by breaking down the life cycle of cyber risk management. The life cycle can be broken down into the following five functions, as described in the NIST Cybersecurity Framework: Identify, Protect, Detect, Respond, and Recover.
Each function is a different phase of the life cycle of a cyber attack. Think of the five functions as the process one should follow in order to prevent cyber attacks from causing the most damage.
Obviously, you have to identify a problem before you can solve it. It’s the first thing you must do. In this case, problems are a combination of digital assets and the risks to them. Once potential problems have been identified, and prioritized, you can move to the next step.
Once you’ve identified assets and risks, you protect them. In the protection phase, you should be asking yourself: “How am I going to see if someone is attacking systems?” or “How do I know if my protections are working?” Which leads us to the next step.
You might have great protections in mind, you might have pinpointed them, but if you don’t have any mechanism to detect these problems, there is really no way to know. It’s not enough to just identify your assets and protect them. You actually have to know when somebody’s making a move on them.
This also lines up with the idea of physical security. Let’s use a building as an example. The building is your asset and people could break into it. That’s a risk. You can build a tall fence around it. That’s how you protect it. If you stopped at that point and you didn’t do any detective activity, somebody could run their truck into the fence and then break into the building. But you wouldn’t know, because it’s the middle of the night and you don’t have some kind of a camera system or a burglar alarm notifying you that somebody’s breached your fence.
If you have a camera system that shows or detects someone driving a truck into your fence, you can better respond. Depending upon the situation, a response might be shutting off the systems that have been infected by malware, quarantining them, and cleaning them off. Then you can move on to the final stage.
This is when you complete the cleansing of the systems that were affected. From there you start all over again. Again, you want to Identify, Protect, Detect, Respond, and finally, you want to Recover.
Stay tuned. Next week we’ll discuss why it’s important to include data security standards in your business contracts.