Cybersecurity Framework Functions
Tap each section to learn more.
Includes assessing cybersecurity risk to systems, people, assets, data, and capabilities. Do your customers understand what their vulnerabilities are? Where are all of their physical and software assets located? Have they put policies and procedures in place?
• General Cybersecurity Consulting
• Vulnerability Assessments
• Penetration Testing
• Compliance Readiness
• Phishing Simulation
• Awareness Training
Outlines appropriate safeguards to ensure delivery of critical infrastructure services and the ability to limit the impact of a potential cybersecurity event. Includes staff training, identity management (physical and remote), maintenance activities, and data security (encryption).
• Managed Security Services (Firewall, Web, Email)
• Global DDoS Protection
• Endpoint Protection
• Managed Cloud Firewall
• Web Application Firewall
• Privacy & Data Protection
Defines the activities for timely discovery of a cybersecurity event. Includes the appropriate processes and resources to detect anomalies and ensure continuous monitoring.
• Security Log Monitoring (SIEM)
• SOC (Security Operations Center) as a Service
• Advanced Threat Detection and Awareness
• Machine Learning / AI
• Managed Security Service (MSS)
• Managed Detect and Respond (MDR)
• Managed Endpoint Detect and Respond (EDR)
Includes the activities required to take action and contain a detected cybersecurity incident, such as a communications plan for internal and external stakeholders and a regularly tested incident response plan.
• Incident Response, Containment & Eradication
• Active Remediation, MSS & Endpoint Response
• Active SOC Response
• Advanced Global Incident Response
• Active Endpoint Threat Response
Supports timely recovery of impaired services or capabilities back to normal operations to reduce the impact from a cybersecurity incident. Includes recovery planning processes and procedures to restore systems/assets, root cause analysis and implementing improvements, and post-recovery internal and external communications.
• Asset Reconstruction and Recovery
• Continuity Planning