May 25, 2021

The 5 pillars of the NIST Cyber Security Framework

To work efficiently and purposefully with IT security, the NIST Cyber Security Framework (CSF) is often used. NIST stands for the National Institute of Standards and Technology, which has developed various frameworks for working with IT security. NIST CSF has five pillars: identify, protect, detect, respond, and recover.



Pillar #1 Identify

If you do not have an overview of your devices, you cannot take action to protect them. 

For example: It becomes known that “Printer 123” has a vulnerability that affects IT security. It is important to know whether you have such a printer or not! This applies not only to devices, but also to software. Did you hear about the new data breach against Microsoft Exchange servers?

The first pillar in NIST is therefore to “identify”. It is about identifying problems and vulnerabilities by mapping the environment. The result is a complete overview of users, devices, and systems for all employees and suppliers. The overview is combined with a complete risk assessment of IT security.

 

Pillar #2 Protect

Always prepared, they say in the scouts. We sometimes say this at Procano too. Always be prepared for new threats and work continuously to keep the threat level low.

Pillar number two is about “protecting” against potential threats. Proactive work is done to protect users, devices, and systems. This is done through continuous improvements, training and good onboarding, maintenance, and systematic processes.

 

Pillar #3 Detect

The third pillar in the NIST CSF is about detecting intrusions, abnormal activity, and potentially harmful activities on the network. In order to do so, all processes must be logged and all services and processes must be monitored regularly. This way, abnormal activity can be detected, both through AI tools and manual controls.

 

Pillar #4 Respond

When abnormal activity occurs, it is about responding – quickly! It is important to plan well in advance; management can consult the IT policy, and the employees can refer to the IT instructions.

To respond well, you should have a plan that can answer the following: 

  • what should an employee do when something strange happens on the PC?

  • who should the employees notify?

  • what should happen with the PC in the meantime?

  • what procedures should the person responsible for IT follow?

For larger companies, you should also find answers for: Who handles the media, should it be reported to the authorities, and should all computers be cleaned immediately? (hint: no).

 

Pillar #5 Recover

After a breach of IT security, it is important to restore normal production as quickly as possible. It can cost the company a lot of money to not have good routines in place, so it is important that all involved parties are familiar with the internal guidelines for IT security.

When restoring the company's IT environment, it is about BACKUP! The fifth pillar is about documenting procedures for backup, testing of backups, and recovery from them. The procedures should be able to provide sensible and understandable answers to questions such as: which systems are critical for our company, and if I have multiple servers – how should I prioritize when recovering data?

 

Wondering how to go about creating good routines for IT security? Contact Morten Halvorsen, our senior advisor, for a pleasant security chat!


This page is translated using AI
