NIST CSF Identify Function
Transcription
I would encourage you to read the NIST Cyber Security Framework. It’s a great way to learn about how to start addressing the cyber security challenge that is out there. It’s broken into five functions. The first function is known as “identify”. That function really is all about risk assessment. When I think about identifying things, it really has to do with identifying your risk. So, what you’ll find in the NIST Cyber Security Framework is sections relating to risk assessment, risk management strategy, supply chain risk management, asset management, business environment. These are all things that you have to identify for your business. You have to understand the assets that you have, the type of environment that you have built and that you're working in, you have to understand the risks that you're facing from third parties such as your supply chain, and you have to have a strategy for how you’re going to deal with this. But the very first function in the NIST Cyber Security Framework teaches you how to identify these things. That is always your first step in trying to perform a risk assessment and getting that documented so that you can move through the other functions in the framework.
I would encourage you to read the NIST Cyber Security Framework. It’s a great way to learn about how to start addressing the cyber security challenge that is out there. It’s broken into five functions. The first function is known as “identify”. That function really is all about risk assessment. When I think about identifying things, it really has to do with identifying your risk. So, what you’ll find in the NIST Cyber Security Framework is sections relating to risk assessment, risk management strategy, supply chain risk management, asset management, business environment. These are all things that you have to identify for your business. You have to understand the assets that you have, the type of environment that you have built and that you're working in, you have to understand the risks that you're facing from third parties such as your supply chain, and you have to have a strategy for how you’re going to deal with this. But the very first function in the NIST Cyber Security Framework teaches you how to identify these things. That is always your first step in trying to perform a risk assessment and getting that documented so that you can move through the other functions in the framework.