Use the NIST Cybersecurity Framework for your Business

Integral IT - NIST cyber security framework

Share This Post

One of the best ways to protect your business against cyber-attacks is by using cyber security frameworks. Cyber security can often seem daunting and challenging to get your head around. But by using a framework, your cyber security can become simple and organised.

The NIST cyber security framework may seem overcomplicated for a small business. However, it is effective in companies, big or small. The NIST framework was set up by the National Institute of Standards and Technology in 2014, and in 2017, advancements were made when Donald Trump became president of the United States. Trump demanded that all government agencies use the NIST framework to protect them from cyber-attacks. Since then, this framework has been adopted by many large businesses and then began to trickle down into the smaller business.

Within Each function of the framework, there are also categories and subcategories.  This is to help your business implement tools and processes to improve your cyber security. This framework also includes the implementation of tiers; to make things more accessible, it is best to think of these as ‘scores’.

Identify Function


This is the first function that must be looked at. This function requires you to understand better all the systems that make up the critical infrastructure of your business. This stage focuses on assessing which assets and processes are at risk, ensuring nothing flies under the radar. Asset management, listing business hardware and internet devices under this function and software, such as cloud services, must be identified. Within this function also comes Risk Assessment. It is to pick up on any old software versions as these could be breached. Once all of this has been completed, you have identified all of the things that could be a cyber security risk and require protection within your business.

Protect Function


This function looks at all the tools and processes to protect the previously identified assets against a cyber-attack. This may include multi-factor authentication to improve protection or find means to protect against phishing attacks. Many IT companies stop after this Function. However, three more handy functions can be completed to ensure the best protection.

Detect Function


How can you detect if and when a Cyber-attacks is being attempted on your business? If you can find out about an attack early, there is a much less threat of a detrimental impact. Security monitoring can save your business. An example of this is email alerts for login attempts in areas where there are no employees. These are hackers attempting to get into your accounts.

Respond Function


After identifying an attempted or a potential cyber-attack, we must then analyse the breach, contain any damage that has been done,  and carry out an appropriate response plan.  This may mean notifying directors, stakeholders, and possibly even customers.

Recover Function


The best recovery tactic is to prevent a cyber-attack altogether. However, we must have a recovery plan in place if a cyber-attack happens. NIST framework identifies this stage as ‘to restore any impaired capabilities or services due to a cyber security event. Recovering from a ransomware attack may mean that all your data is encrypted and you have no access to it. Using an excellent backup will be a key to recovering from this. It also means speaking to your team and talking to them about preventing this from happening again.

That is the last of the functions of the NIST framework; although this is intended for government agencies, it is excellent at protecting businesses as well.

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

How quickly should you get your IT problems fixed?
IT Security

How Quickly Should Your IT Problems Get Fixed?

IT Problems are probably one of the most frustrating things that can happen within your business. What are you to do when you’ve got deadlines to meet, or you’re working from home and can’t access anything? Are you then expected to contact your IT support and wait? How long should you wait? The answers to

Hackers are Beating Multi-Factor Authentication

Just when your thought your cloud applications were secure by implementing multi-factor authentication, hackers are developing strategies to beat this defence. If you didn’t already know, Multi-factor authentication is an essential part of your IT security for logging into your devices and cloud applications. With multi-factor authentication, you need to enter your username and password

Scroll to Top