{"id":3737,"date":"2026-04-02T11:56:58","date_gmt":"2026-04-02T11:56:58","guid":{"rendered":"https:\/\/astrocameras.store\/?p=3737"},"modified":"2026-04-02T11:56:58","modified_gmt":"2026-04-02T11:56:58","slug":"nist-framework-explained","status":"publish","type":"post","link":"https:\/\/discoverdsl.com\/?p=3737","title":{"rendered":"NIST\u00a0FRAMEWORK\u00a0EXPLAINED"},"content":{"rendered":"\n

As a beginner in GRC, the NIST framework is one of the key frameworks you need to understand. I have simplified its concepts to make them more accessible for beginners. This way, if you ever need to explain these concepts, you\u2019ll have a solid foundation and the confidence to articulate them effectively.<\/p>\n\n\n\n

\"\"\/
THE NIST FRAMEWORK<\/figcaption><\/figure>\n\n\n\n
    \n
  1. IDENTIFY:\u00a0<\/strong>Understanding what to protect and knowing the potential risks that could arise. Before protecting, you need to understand the assets and data in the organization, storage, and how they are processed.<\/li>\n<\/ol>\n\n\n\n

    Do your asset inventory, determining the critical\/non-critical assets, sensitive data, devices, software, etc.<\/p>\n\n\n\n

    TOOLS<\/strong><\/p>\n\n\n\n

    > ServiceNow CMDB<\/p>\n\n\n\n

    > NIST 800\u201330<\/p>\n\n\n\n

    2. PROTECT:<\/strong> Setting up defense mechanisms and barriers to keep out threats, ensuring employee training and data accessibility.<\/p>\n\n\n\n

    STEPS<\/p>\n\n\n\n

    Access Management: <\/strong>Tools such as Okta and Azure AD ensure that only authorized individuals have access to data<\/p>\n\n\n\n

    Encryption:<\/strong> TLS (Transport Layer Security) and SSL (Secured Socket Layer)<\/p>\n\n\n\n

    Don\u2019t forget employee training<\/strong> is important, humans are always the weakest link in security.<\/p>\n\n\n\n

    3. DETECT:<\/strong> Identifying what went wrong is the first thing to do, potential threats and vulnerabilities need to be detected early enough<\/p>\n\n\n\n

    SIEM tools<\/strong> such as IBM QRADAR, and Splunk analyze suspicious activities and monitor and raise suspicious alert<\/p>\n\n\n\n

    Intrusion Detection System<\/strong> such as Snort helps greatly.<\/p>\n\n\n\n

    Endpoint Monitoring: <\/strong>CrowdStrike helps monitor devices like laptops and phones in the organization.<\/p>\n\n\n\n

    4. RESPOND:<\/strong> Actions taken when a breach\/security incident occurs.<\/p>\n\n\n\n

    Tools like the Incidence Response Playbook <\/strong>help with step-by-step guides for handling specific incidents and scenarios.<\/p>\n\n\n\n

    Forensic Analysis Toolkits <\/strong>and continuous communication<\/strong> with your team.<\/p>\n\n\n\n

    A quick response plan ensures a Business Continuity plan.<\/p>\n\n\n\n

    5. RECOVER:<\/strong> Business Continuity after a breach involves lessons learned from the security breach and other improvements made afterward to avoid future occurrences.<\/p>\n\n\n\n

    TOOLS:<\/p>\n\n\n\n

    Veeam Backup and Recovery <\/strong>is a software that can help you recover lost data.<\/p>\n\n\n\n

    Acronis Data Protection Software<\/strong> helps protect your data from breaches.<\/p>\n\n\n\n

    Conduct a post-incident review <\/strong>with your team to determine areas of improvement and how the data breach occurred.<\/p>\n\n\n\n

    Business can continue when all these have been put in check.<\/p>\n\n\n\n

    The NIST helps in building resilience and identifying areas of risk in an organization.<\/p>\n","protected":false},"excerpt":{"rendered":"

    As a beginner in GRC, the NIST framework is one of the key frameworks you need to understand. I have simplified its concepts to make them more accessible for beginners. This way, if you ever need to explain these concepts, you\u2019ll have a solid foundation and the confidence to articulate them effectively. Do your asset […]<\/p>\n","protected":false},"author":1,"featured_media":3738,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3737","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/discoverdsl.com\/index.php?rest_route=\/wp\/v2\/posts\/3737","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/discoverdsl.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/discoverdsl.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/discoverdsl.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/discoverdsl.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3737"}],"version-history":[{"count":1,"href":"https:\/\/discoverdsl.com\/index.php?rest_route=\/wp\/v2\/posts\/3737\/revisions"}],"predecessor-version":[{"id":3739,"href":"https:\/\/discoverdsl.com\/index.php?rest_route=\/wp\/v2\/posts\/3737\/revisions\/3739"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/discoverdsl.com\/index.php?rest_route=\/wp\/v2\/media\/3738"}],"wp:attachment":[{"href":"https:\/\/discoverdsl.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3737"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/discoverdsl.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3737"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/discoverdsl.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3737"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}