The NIST Cybersecurity Framework (CSF) is a globally used guideline for managing and reducing cybersecurity risks.
It is built around five core functions:
NIST CSF – The 5 Core Functions
1. Identify
Understand your environment:
- Assets (devices, data, software)
- Users and roles
- Risks and vulnerabilities
- Policies and governance
Goal: Know what you must protect.
2. Protect
Put safeguards in place:
- Access control
- Authentication
- Firewalls, encryption
- Awareness training
- Data protection
Goal: Prevent or reduce cyber incidents.
3. Detect
Monitor systems to find attacks quickly:
- Intrusion detection systems
- Log monitoring
- Threat detection tools
- Continuous monitoring
Goal: Discover threats early.
4. Respond
Take action when an incident occurs:
- Incident response plan
- Alerts and reporting
- Communication
- Containment of threats
Goal: Minimize damage.
5. Recover
Restore normal operations:
- Backups
- Disaster recovery
- System restoration
- Lessons learned
Goal: Return to full functioning and improve future security.
2. EU NIS Framework (Network & Information Systems Directive)
This is a European Union law that sets requirements for improving cybersecurity across member states.
Key Components
- Protect critical infrastructure (energy, banking, healthcare, transport, etc.)
- Improve incident reporting
- Strengthen national cybersecurity strategies
- Increase cooperation between EU states
Objectives
- Improve cybersecurity readiness
- Reduce vulnerability of essential services
- Enhance rapid response to cyber incidents