Cybersecurity Functions (Part 1)

Recently, I was asked to detail the functions of Cybersecurity and our responsibilities. This led to me thinking, “What a wonderful prompt for a blog.”

Fundamentally, cybersecurity is a practice that seeks to ensure the availability, integrity, and confidentiality of computers, electronic communications systems and services, and the information contained within. NIST SP 800-53 Rev. 5 includes authentication and nonrepudiation as a part of the definition. However, most people know what is referred to as the triad: the confidentiality, integrity, and availability of systems and the information within.

In jest, many think of cybersecurity as the ‘blockers’ or the ‘no guy’ (or gal) in an organization. Unfortunately, that reputation has been earned honestly through well-intentioned but poorly executed practices.

In truth, the role of cybersecurity in an organization is to enable the functions of the business and its systems while ensuring proper and adequate security. Many opinions and frameworks define proper and adequate security, and they are well-meaning. Still, I will focus on the leading standard in the industry, the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

At the highest level, there are six functions of cybersecurity. These are (1) Govern, (2) Identify, (3) Protect, (4) Detect, (5) Respond, and (6) Recover. Though presented as a list, the functions should be considered and addressed together. Additionally, applying these functions is neither a static set of rules and controls nor singular in size or scope. Applying cybersecurity functions is a constantly evolving practice that takes into account laws, regulations, policies, standards, and business needs.

NIST outlines two states or profiles of cybersecurity for organizations. These are current and target profiles. The remainder of this series will address each of the primary functions, focusing on target profiles. I will integrate concerns with privacy since this is what most organizations are constantly trying to define. Additionally, I will approach the discussion focusing on Zero Trust Architecture, which is currently the leading architecture within the industry.

In part two, I will begin with the govern function and cover the definition, a couple of use cases, and roles within cybersecurity.


How do you define the role of cybersecurity? Comment below!

