Appalachia Technologies Blog
What is the NIST Cybersecurity Framework? (appTECH TALK Ep. 1)
Secure your Organization with the NIST Blueprint
Breaches are at an all-time high. Over 50 billion devices are connected to the internet. Some of them are secure, and some of them are not. Which category does your organization fall into?
Many organizations wonder where to start when they look at strengthening their security posture. Fortunately, the wheel does not need to be reinvented. Much traction and return on investment can be gained by simply aligning an organization's security program with the NIST standard.
NIST (National Institute of Standards and Technology) publishes the de facto standard for organizational security programs. Its framework outlines cybersecurity in five categories. Measuring an organization’s alignment against the NIST standard gives you a solid gauge of how your cybersecurity program stacks up.
Let’s jump into the five NIST Cybersecurity Framework categories: Identify, Protect, Detect, Respond, and Recover.
IDENTIFY
Organizations must understand their own environment before they can protect it. Often an organization is not aware of all of the digital assets it owns. As an example, all digital assets, including workstations, servers, wireless devices, laptops, printers, network battery backups, and others, need to be well-documented on a spreadsheet. The spreadsheet should be updated regularly. It is impossible to protect assets if there is not a fully updated list. This is just one example of the “Identify” category.
PROTECT
Organizations must develop controls and safeguards around their systems in order to protect them. For example, this may include items such as a System Hardening Standard. A System Hardening Standard ensures that proper procedures are followed to protect a system before it goes online. One example is making sure that default usernames and passwords aren’t being used on the system. Other examples are disabling unnecessary services and keeping patching up to date. These are just a few small examples of controls used to “Protect” systems.
DETECT
Now that our systems are protected, we must also have controls to detect malicious events. For example, controls need to be put in place to monitor for anomalies. An anomaly is something that is “not normal” on a system or network. A heavy amount of network traffic at 3am when there is no staff in the office could be deemed an anomaly. Other controls such as FIM (File Integrity Monitoring) could also be put in place to ensure that improper changes are not happening to system files. If such a change happens, an alert is triggered. These are ways to “Detect” malicious activity as it is happening.
RESPOND
By this step, an organization is protecting its assets. Malicious events are being detected and triggering alerts, so how does the organization respond? This is where an Incident Response Policy comes into play. When an incident occurs, what is the documented process that must be followed to ensure minimal impact? Which personnel are responsible for which tasks? If proper tabletop exercises are performed regularly, an organization will be ready to respond when the real thing happens. The NIST “Respond” category outlines the controls an organization should have in place to ensure minimal impact when an incident occurs.
RECOVER
Let's imagine that a breach has occurred. The team has successfully walked through the Incident Response Plan to ensure minimal impact. Although the plan was successful, there was still an impact on the organization. The “Recover” category covers how a company can make sure that proper backups are in place and that digital assets can be restored in a timely manner. Recovering from an incident also involves conversations around lessons learned and strategizing ways to tighten up the security posture and business processes so that next time the impact is smaller and recovery is faster.
The NIST Cybersecurity Framework is a solid foundation and blueprint for an organization to protect its digital assets, reputation, and business continuity. If you would like a deeper dive into the NIST controls, contact us at or 888-277-8320.
Mike Miller is a cybersecurity professional with 25 years of experience throughout the IT industry. He has focused on security, specializing in the areas of Virtual Chief Information Security Officer services, Governance, Risk, and Compliance, PCI, SOC, Intrusion Detection, Penetration Testing, and Incident Response. In 2011, Mike founded Cyber Protection Group, which was acquired by Appalachia in 2022. Mike is passionate about mentoring and assisting aspiring cybersecurity professionals and can be found regularly sharing insight on his LinkedIn profile. When he isn’t fighting cybercrime, Mike loves spending time with his wife and kids, often boating in the Ozarks.