Chapter 3: Introduction to Technological Aspects of Privacy
The NIST Cybersecurity Framework
The NIST Cybersecurity Framework (CSF), first published in 2014, is guidance rather than law. It popularized five Framework Core Functions (Identify, Protect, Detect, Respond, Recover), which are meant to operate concurrently and continuously.
| Function | Focus |
|---|---|
| Identify | Understand and manage cybersecurity risk to systems, assets, data, and capabilities |
| Protect | Implement safeguards to ensure confidentiality, integrity, and availability |
| Detect | Identify the occurrence of a cybersecurity event (e.g. anomalous activity) |
| Respond | Take action on a detected event - incident response, including required notices |
| Recover | Maintain resilience plans and restore impaired capabilities or services |
Guidance, not law
Exam point: the NIST CSF is guidance rather than a set of legal requirements; it provides industry standards and best practices. NIST stresses that all five functions operate concurrently and continuously.
Key terms - quick answers
What is “NIST Cybersecurity Framework (CSF)”?
A 2014 NIST framework of industry standards and best practices to help organizations manage cybersecurity risk; guidance, not a legal requirement.
What is “Identify, Protect, Detect, Respond, Recover”?
The five NIST CSF Framework Core Functions, designed to operate concurrently and continuously.