From the course: NIST Cybersecurity Framework (CSF) 2.0 Primer: From Fundamentals to Implementation by Pearson

CSF core

So just to recap, CSF core is a taxonomy, kind of a hierarchy of cybersecurity and risk management outcomes. And it has this particular structure: it's arranged hierarchically. At the broadest level we have functions, within functions we have categories, and then within categories we have subcategories. And what's nice about the way that this is structured, or I should say written, is that there is still room for interpretation. Like they define these individual cybersecurity risk management outcomes, but they don't tell you exactly how to implement them. So something like securing data at rest might mean very different things for a nuclear power plant than for, like, an IT training company. So you can kind of choose the controls or the solutions that make sense for you for each of these cybersecurity risk management outcomes. So it's nice and flexible. So let's look at the actual hierarchy of CSF core. There's the core itself. I guess that's the broadest container. And within core, there are these different functions, which we'll be going over at length. So we've got govern. This corresponds to governance. Identify, which corresponds to kind of identifying our assets, like knowing what's actually going on in our company. That's always helpful. Protecting said assets, like implementing different controls and mitigations. Detecting cybersecurity incidents that could be intentional or unintentional, but we want to know what's going on in our company, on our networks, and so forth. And then responding to and recovering from cybersecurity events or incidents. And then within each of these functions, there are a ton of categories. And this is just, like, picking a few. The actual CSF has a lot of categories and a lot of subcategories. So we're mainly just going over the structure here and we'll get into the weeds in a separate video. So for instance, protect. Some things you might want to protect include data. 
So data security is a category of protect and platform security is one other category within this protect function. And then you probably get the idea by now, but categories are then subdivided into subcategories. So data security can take different forms. It could be data at rest or data in transit and so on. And same for platform security, could be configuration management. How do we track and approve configuration changes for applications or for different platforms in any case? Software management, how do we do the same for software? And the list goes on. I've got the ellipsis there just to remind you that there is a lot more to this structure than we're showing in this slide. So the core functions, we already kind of talked about what they are, but just to quickly define them again, we've got CSF core, this is the big container, and then within it, we've got govern, which has to do with strategy, policy, processes, kind of implementing organizational controls and functions to bolster and kind of support cybersecurity risk management. So that's the govern function. We'll look at the categories again. We're gonna look at all of this in detail. The identify function is understanding not just what is in our environment, like all our different assets, but also what are the risks that those assets face? So we wanna know what we've got and kind of as a corollary, what we have to lose. Protect, this is just safeguards, controls and mitigations to protect said assets, to mitigate, minimize risk as much as possible. And then detection has to do, again, we've kind of already defined this, maybe I got ahead of myself, but this is detecting cybersecurity events or incidents. So it might just be like a log event that is cybersecurity related, but it doesn't have anything to do with, it's not like actually pertinent, or it could be an actual incident. 
So a policy's been kind of circumvented, or an employee is doing something that they shouldn't be doing, or someone's attacking a particular system. So it could be events or incidents. And then response and recovery are kind of semi-self-explanatory. So with a response, we wanna actually respond to the incidents, like begin acting to contain and stop them, and then we finally want to recover. We want to get our systems, our assets back online in the wake of different cybersecurity events and incidents. So these are the broad functions. And as promised, just a little bit down the road, we're going to go into each of these and look at the categories and subcategories and really kind of get a feel for the overall structure of CSF Core. But that is for another time. Let's do a quick knowledge check. So first off, what are the three levels of classification used by NIST's CSF core? So we've got this hierarchical structure, and then each of those containers has a different name. So the first one and the largest is the functions, which we just defined. So those are kind of like the broadest categories within CSF core. And then within functions, we subdivide those into categories, and then those categories are further subdivided into subcategories. So it's kind of a nice, organized, well-structured way to think about all these cybersecurity goals or objectives that we might have. All right, the next one is a little bit more difficult, especially if you're new to the CSF, but just to kind of test that short-term memory, what were the six functions of CSF Core? I don't expect you to actually remember this if it's the first time you're seeing these. You will by the end of class. But what were the six functions? Well, first off, we already talked previously about the new function in CSF 2.0, and that's govern. So maybe you remember that one. 
And then continuing down the list, the next one is identification of assets and risks, protection of said assets, mitigation, safeguards, detection of cybersecurity events or incidents, and then response. And if necessary, you know, we need to recover. We need to get our assets fixed or back up and running and kind of get business operations back on track. So those are the six overall functions. And there are, last time I'll say it, there are tons of categories within these functions and then tons of subcategories within the categories, within the functions. So it's a lot if you're actually just looking at the document, but it starts to make sense after you've kind of perused it. That's kind of like part of the goal of this class.
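The three-level structure described in this lesson (functions, categories, subcategories) and the point that the CSF names outcomes rather than controls can be made concrete in code. The following is an added example, not material from the course: it models a constructed subset of the core using only the items named above (the full CSF has far more), and reports which outcomes an organization has not yet mapped a control to.

```python
"""Model of the CSF 2.0 core hierarchy (functions -> categories -> subcategories)
with a simple control-coverage check. The taxonomy below is a constructed subset
built from the lesson's examples; it is illustrative, not the full CSF."""

# Constructed subset of the CSF core (function -> category -> [subcategory outcomes]).
CSF_CORE = {
    "Govern": {},
    "Identify": {},
    "Protect": {
        "Data Security": ["Data at rest is protected", "Data in transit is protected"],
        "Platform Security": ["Configuration management", "Software management"],
    },
    "Detect": {},
    "Respond": {},
    "Recover": {},
}


def validate_depth(core):
    """Check the structure is exactly three levels: every function maps to a dict of
    categories, and every category maps to a list of subcategory strings."""
    for cats in core.values():
        if not isinstance(cats, dict):
            return False
        for subs in cats.values():
            if not isinstance(subs, list) or not all(isinstance(s, str) for s in subs):
                return False
    return True


def outcomes(core):
    """Flatten the hierarchy into (function, category, subcategory) tuples."""
    return [(f, c, s) for f, cats in core.items() for c, subs in cats.items() for s in subs]


def coverage_gaps(core, control_map):
    """control_map maps an outcome tuple to the controls the organization chose for it.
    The CSF leaves the choice of control open, so a gap here means 'no decision yet',
    not 'wrong control'. Returns every outcome with no control recorded."""
    return [o for o in outcomes(core) if not control_map.get(o)]


# Constructed example: controls a small IT training company might pick for these outcomes.
IT_COMPANY_CONTROLS = {
    ("Protect", "Data Security", "Data at rest is protected"): ["Full-disk encryption on laptops"],
    ("Protect", "Data Security", "Data in transit is protected"): ["TLS for all internal services"],
    ("Protect", "Platform Security", "Configuration management"): ["Change tickets with peer approval"],
}

if __name__ == "__main__":
    assert validate_depth(CSF_CORE)
    for gap in coverage_gaps(CSF_CORE, IT_COMPANY_CONTROLS):
        print("No control chosen yet for:", " > ".join(gap))
```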
