Beyond Firewalls: The Identify Function

In this second installment of a six-part series, we introduce the “Identify” function of the NIST-CSF.

Asset Management. Business Environment. Governance. Risk Assessment. Risk Management Strategy. These are the five categories in this function. Sound familiar? Of course! This is the bread and butter of strategic planning and management within any organization. The tools used to assist in that process are often part of the Enterprise Risk Management (ERM) function and reflect industry-wide standards and regulations, such as COSO, COBIT, SOX, or ISO 27001. How is this related to cybersecurity? Simple! In a hyper-connected world, cybersecurity is not a separate function isolated in the IT Department, but an integral part of everyday activity and thus everyone’s responsibility.

Maintaining clear roles and responsibilities with regard to risk is indeed the main goal behind the activities described in the 5 categories and 24 subcategories. The activities themselves are rather straightforward: identifying, determining, inventorying, mapping, and documenting assets, systems, networks, and policies. This step is necessary to reach the goal, but not sufficient. The more difficult task is understanding internal and external dependencies and communicating the insights. It is here that organizational maturity and knowledge management are arguably at least as important as IT expertise. Our staff at novaturient can provide both, to help companies successfully identify their roles, responsibilities, and risk.
