The NIST framework consists of standards, guidelines, and best practices to mitigate cybersecurity risk. The framework comes from the National Institute of Standards and Technology, a government agency formed by the U.S. Department of Commerce that develops cybersecurity standards for businesses, federal agencies, and the broader public. Here’s what that looks like in practice:
Identify
Determine the nature of the threat and identify the assets that need protection.
Protect
Implement appropriate security controls to protect the compromised asset and restore system function.
Detect
Determine the nature and impact of the threat. Implement continuous monitoring capabilities to track security events and see if protective measures are working.