SecurityWeek

Management & Strategy

Security Team Huddle: Using the Full NIST Cybersecurity Framework for the Win

Just as a professional football team needs coordination, strategy and adaptability to secure a win on the field, a well-rounded cybersecurity strategy must address specific challenges and threats.


The National Institute of Standards and Technology’s (NIST) recent decision to include “govern” as a core function of its Cybersecurity Framework (CSF) is much-needed additional guidance for enterprises as they work to establish and maintain strong security postures. According to Gartner, the NIST CSF remains one of the most important structures for organizations looking to achieve information security and risk management success, regardless of size, industry vertical, or information security and risk management experience. Therefore, it is essential for organizations to understand how each of the six core functions – identify, protect, detect, respond, recover, and govern – can work together to make a solid foundation for their network security.

The way in which these functions interconnect and work together is very similar to how a professional sports team performs – and overcomes challenges – together as a team on their field of play. Since the National Football League (NFL) season is now underway, let’s use that gridiron sport as our example.

  1. Identify: Just as a football team might review footage on their opponents prior to a game to determine strengths and weaknesses, for security teams, the identify function involves understanding the organization’s assets, risks and vulnerabilities. By distinguishing critical assets, potential threats and overall risk appetite, teams can create a foundation for effective security measures. And with this information in hand, teams can make informed decisions about where to allocate resources and effort, in the same way that a football coach might set up an offensive play based on where he knows the competitor has a gap in their defensive line. Having the right asset management, vulnerability scanning and risk assessment tools is integral in helping security teams set the strategy for their security efforts.
  2. Protect: In football, one of the most important assets on the field is the quarterback, and protecting that player is a job that falls primarily on the offensive line. The quarterback calls a play based on the information that has been gathered about how the opponent may stop a pass, and simultaneously the line then knows how to maneuver according to the play call and ultimately keep the defense from breaking the line and getting to the quarterback. All this must work in synchrony and without interference to the quarterback’s performance. Similarly, security teams must build on the information gathered during the identification phase to implement safeguards that prevent or protect against potential threats. Access controls, encryption, training programs, security policies and technologies that can be used to safeguard the system play a key role here. The more a team can protect their most important assets, the more likely they will be successful in reducing the attack surface and minimizing potential damages.
  3. Detect: Even with robust protection measures, some attacks might still occur, just as some quarterback sacks may still happen in a game. The detect function involves setting up mechanisms to monitor and identify anomalous activities or possible breaches. Intrusion detection systems (IDS), security information and event management (SIEM) solutions and ongoing monitoring are important aspects of this phase. If a security team can detect a threat early, they can respond quickly and minimize the impact.
  4. Respond: Having a well-defined incident response plan and corresponding procedures in place is key in this phase. Knowing how to contain and mitigate an incident and then effectively communicate with the stakeholders will help the organization return to normal operations more quickly. Think of this function like the team huddle after a failed play on the field. The coach or quarterback provides a quick analysis of what happened in the previous play and gives direction on what to do next to ensure the best offensive or defensive actions take place for a successful down.
  5. Recover: After the huddle, the players must bounce back quickly and get into position to be ready for the next play. Likewise, the “recover” function for an organization involves minimizing downtime and restoring systems and operations quickly after a security incident while also making sure that the vulnerabilities that led to the incident are addressed. Having the right backup and recovery solutions as well as cloud and virtual recovery tools is crucial at this stage.
  6. Govern: The newest function in the NIST CSF but perhaps one of the most important, “govern” provides an overarching framework that guides and supports all of the other functions. On a football team, this is where the coaching staff gets the most involved. Though they may not be in uniform and lined up on the field, the direction and oversight that coaches provide, drawing on the knowledge gathered in all the previous functions, becomes the strategy they set for the team. The ultimate goal – or business objective – is a W. For security teams, governance necessitates establishing policies and procedures to make sure that cybersecurity efforts align with business objectives. Governance is also key in helping to show proof that your infrastructure is adhering to your policy at any given point in time and on an ongoing basis. In this way, security teams have a way of measuring how the overall system is operating and can report on the efficacy of all of the tools that are in place when an audit happens.

Just as a professional football team needs coordination, strategy and adaptability to secure a win on the field, a well-rounded cybersecurity strategy must address specific challenges and threats. This can happen if all six functions of the NIST CSF are integrated and work together alongside continuous assessment procedures as well as collaboration among different teams within an organization – from IT to legal to the executive team – to achieve a truly holistic and effective cybersecurity approach.

Written By

Over his 25+ year career, Matt has held senior technology leadership positions across numerous industries including Netography, Neustar, Verisign, and Prolexic Technologies. With a rich background in innovation and go-to-market strategies, Matt has been a critical leader in helping many companies conceptualize solutions from the customer lens and drive them to market with significant impact.
