The Response Management Framework extends the NIST Framework

The Preliminary Cybersecurity Framework is available on the National Institute of Standards and Technology (NIST) Web Site. Next week the final version is due. The preliminary paper identifies 5 core functions. The Response Management Framework compliments the NIST framework and extends three of the core functions.

Some experts have been critical of the framework, but others support it. See Taylor Amerding’s article “NIST’s finalized cybersecurity framework receives mixed reviews”, January 31, 2014, in CSO Online.

Identify, Protect, Detect, Respond, Recover

1. Identify – Identify Systems, Assets, Data, and Capabilities at Risk for Cyber Incidents.
   
2. Protect – Implement Access Controls, Awareness & Training, Data Security, and Protective Technologies.
3. Detect – Detect Anomalies and Events; Employ Continuous Monitoring and Detection Processes.
4. Respond – Include Response Planning,  Analysis, Mitigation, and Improvements.
5. Recover – Address Recovery Planning, Improvements, and Communications.

Of course, Detect, Respond, and Recover are the context for your incident response plan.

• In Detect, potential incidents are analyzed to determine their nature.
• Respond encompasses additional analysis, containment, more analysis, and eventually eradication.
• Then Recover proceeds unhindered to restore impacted capabilities.

Coordinated Response

The Response Management Framework provides the details of who, what, when, where, and how.

Of course, Coordinated Response uses the information provided from the Identify function to help build the Impact Assessment and to properly Prioritize the Incident.