NIST CSF – Respond | Cybersecurity Insights #8

August 5, 2019 posted by

Hi! It’s Josh from Absolute. Today’s video is all about the “Respond” pillar of the NIST Cybersecurity Framework. [MUSIC] Think of the term ‘efficient’
as doing things right, while ‘effective’ should
be thought of as doing the right things. We need both. And nestled inside this section are focus areas for
improving effectiveness and efficiency. It starts with Response Planning. I know, I know. The famous quote from Mike Tyson: “Everyone has a plan
until they get punched in the face”. But when you think about it, even world champion
boxers will train, simulate, and spar to plan for what happens after the punch. A good place to start your response plan is by returning to those five questions: What could happen? What should happen? What would happen? What is happening? What did happen? Each of these questions demands answers; and those answers become
the foundation of the response plan. Next is Communication. Marketing and advertising
teams will often lean on ‘style guides’ to have consistent tone, voice, and
terminology for any outbound communications. It was only when I saw this same
style implemented by IT and security teams, that I realized good ideas are
not imprisoned in the place of birth. Then comes, Analysis. A detailed examination of something; leading to interpretation and sharing. That’s the definition of analysis. We’ll talk more about root-causes
and forensics in the next episode. For now, to win at the NIST framework, and response effectively, we need to direct analysis toward recovery. Which is the effect
we’re going for in the first place, so… effectiveness. This helps to prevent the incident expansion, and mitigate its effects. Because if we analyze where something is, and where it is going, we can stop it dead it its tracks. Finally… NIST call for us to eradicate the incident. Returning resources
back to a state of cyber hygiene. These are just some of NIST’s timely advisories to level-up our incident response. When you plan, communicate, analyze, and mitigate you naturally improve, in both, effectiveness and efficiency. Happy holidays everyone. We’ll see you again after
the calendar rolls over into 2019 where we will wrap up with the final pillar of NIST. So remember to
subscribe, you won’t want to miss it. We’ll see you next year.

1 Comment

One Reply to “NIST CSF – Respond | Cybersecurity Insights #8”

  1. Absolute says:

    0:12 – Skip the Intro

Leave a Comment

Your email address will not be published. Required fields are marked *