CHAPTER 8

The Cyber-Resilient Organization

8.1 CHANGING APPROACHES TO RISK MANAGEMENT

8.1.1 Identify, Protect, Detect, Respond, Recover

The cyber risk management framework proposed by the National Institute of Standards and Technology (NIST) consists of five functions:[1]

  1. Identify. Develop an organizational understanding to manage cyber security risk to systems, people, assets, data, and capabilities.
  2. Protect. Develop and implement appropriate safeguards to ensure delivery of critical services.
  3. Detect. Develop and implement appropriate activities to identify the occurrence of a cyber security event.
  4. Respond. Develop and implement appropriate activities to take action regarding a detected cyber security incident.
  5. Recover. Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cyber security incident.

Cyber security in an organization typically emphasizes maintaining a secure perimeter, relying on technology tools to monitor internal traffic and external communications, and tolerating little in the way of external penetration, malware, or unauthorized software. Cyber security tools include antivirus software, firewalls, network traffic deep-packet inspection, data management systems, email security systems, server gateways, web application firewalls, and many others.

Cyber security system design is a complex and skillful process, matching the specific operations and ...
