Connect with us

Hi, what are you looking for?


Management & Strategy

Security Team Huddle: Using the Full NIST Cybersecurity Framework for the Win

Just as a professional football team needs coordination, strategy and adaptability to secure a win on the field, a well-rounded cybersecurity strategy must address specific challenges and threats.

NIST OT security guide

The National Institute of Standards and Technology’s (NIST) recent decision to include “govern” as a core function of its Cybersecurity Framework (CSF) is much-needed additional guidance for enterprises as they work to establish and maintain strong security postures. According to Gartner, the NIST CSF remains one of the most important structures for organizations looking to achieve information security and risk management success regardless of size, industry vertical, information security, and risk management experience. Therefore, it is essential for organizations to understand how each of the six core functions – identify, protect, detect, respond, recover, and govern – can work together to make a solid foundation for their network security.

The way in which these functions interconnect and work together is very similar to how a professional sports team performs – and overcomes challenges – together as a team on their field of play. Since the National Football League (NFL) season is now underway, let’s use that gridiron sport as our example.

  1. Identify: Just as a football team might review footage on their opponents prior to a game to determine strengths and weaknesses, for security teams, the identify function involves understanding the organization’s assets, risks and vulnerabilities. By distinguishing critical assets, potential threats and overall risk appetite, teams can create a foundation for effective security measures. And with this information in hand, teams can make informed decisions about where to allocate resources and effort, in the same way that a football coach might set up an offensive play based on where he knows the competitor has a gap in their defensive line. Having the right asset management, vulnerability scanning and risk assessment tools are integral in helping security teams set the strategy for their security efforts.
  2. Protect: In football, one of the most important assets on the field is the quarterback, and protecting that player is a job that falls primarily on the offensive line. The quarterback calls a play based on the information that has been gathered about how the opponent may stop a pass, and simultaneously the line then knows how to maneuver according to the play call and ultimately keep the defense from breaking the line and getting to the quarterback. All this must work in synchrony and without interference to the quarterback’s performance. Similarly, security teams must build on the information gathered during the identification phase to implement safeguards to prevent or and protect against potential threats. Access controls, encryption, training programs, security policies and technologies that can be used to safeguard the system play a key role here. The more a team can protect their most important assets, the more likely they will be successful in reducing the attack surface and minimizing potential damages.
  3. Detect: Even with robust protection measures, some attacks might still occur, just as some quarterback sacks may still happen in a game. The detect function involves setting up mechanisms to monitor and identify anomalous activities or possible breaches. Intrusion detection systems (IDS), security incident and event management (SIEM) solutions and ongoing monitoring are important aspects of this phase. If a security team can detect a threat early, they can respond quickly and minimize the impact.
  4. Respond: Having a well-defined incident response plan and corresponding procedures in place is key in this phase. Knowing how to contain and mitigate an incident and then effectively communicate with the stakeholders will help the organization return to normal operations more quickly. Think of this function like the team huddle after a failed play on the field. The coach or quarterback provides a quick analysis of what happened in the previous play and gives direction on what to do next to ensure the best offensive or defensive actions take place for a successful down.    
  5. Recover: After the huddle, the players must bounce back quickly and get into position to be ready for the next play. Likewise, the “recover” function for an organization involves minimizing downtime and restoring systems and operations quickly after a security incident while also making sure that the vulnerabilities that led to the incident are addressed. Having the right backup and recovery solutions as well as cloud and virtual recovery tools is crucial at this stage.
  6. Govern: The newest function in the NIST CSF but perhaps one of the most important, “govern” provides an overarching framework that guides and supports all of the functions. On a football team, this is where the coaching staff gets the most involved. Though they may not be in uniform and lined up on the field, the role that coaches play in providing direction and oversight from the knowledge they have gathered in all the previous functions turns into the strategy that they can set for the team. The ultimate goal – or business objective – being a W. For security teams, governance necessitates establishing policies and procedures to make sure that cybersecurity efforts align with business objectives. Governance is also key in helping to show proof that your infrastructure is adhering to your policy at any given point in time and on an ongoing basis. In this way, security teams have a way of measuring how the overall system is operating and be able to report on the efficacy of all of the tools that are in place when an audit happens.

Just as a professional football team needs coordination, strategy and adaptability to secure a win on the field, a well-rounded cybersecurity strategy must address specific challenges and threats. This can happen if all six functions of the NIST CSF are integrated and work together alongside continuous assessment procedures as well as collaboration among different teams within an organization – from IT to legal to the executive team – to achieve a truly holistic and effective cybersecurity approach.

Written By

Matt Wilson is the Vice President of Product Management at Netography. Over his 25+ year career, Matt has held senior technology leadership positions across numerous industries including Neustar, Verisign, and Prolexic Technologies. With a rich background in innovation and go-to-market strategies, Matt has been a critical leader in helping many companies conceptualize solutions from the customer lens and drive them to market with significant impact.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem