Identify, Protect, Detect, Respond and Recover

The Cybersecurity Framework consists of standards, guidelines and best practices for managing risk associated with cybersecurity. The priority-based, versatile and cost-effective approach of the Framework helps to promote the safety and stability of critical infrastructure and other sectors that are important to the economy and national security. The Critical Infrastructure Cybersecurity Framework, or the Cybersecurity Framework, as many of us refer to it, is collaborative guidelines for organizations to better manage and reduce their risk of cybersecurity.

The center of the Framework consists of five functions: Identifying, defending, detecting, reacting and recovering. The Framework offers a set of cybersecurity outcomes under these umbrella roles based on existing principles, guidelines and procedures that companies can tailor to better manage and reduce their risk of cybersecurity. 

Cyber Security Framework

Cyber Security Core Functions

Together, the five core functions provide a strategic view of the lifecycle of the cybersecurity risk management of an enterprise and should be viewed as a central point of reference. Here are the five roles and how to perform them:


Organizations need to develop an understanding of their environment in order to manage the risk of cyber security for networks, resources, information and capacities. In order to fulfill this function, full visibility of your digital and physical assets and their interconnections, defined roles and responsibilities, understanding your current risks and exposure, and putting in place policies and procedures for managing those risks is essential.


Organizations need to develop and implement the necessary protections to restrict or mitigate the effect of a possible cybersecurity incident. To comply with this requirement, the company should track access to digital and physical resources, provide awareness and training, set up processes to secure data, manage network configuration baselines and operations to fix system components in a timely manner, and implement protective technologies to ensure cyber resilience.


Organizations need to take appropriate action to detect cybersecurity incidents quickly. To serve this purpose, it is essential to introduce continuous monitoring solutions that detect anomalous activity and other threats to operational continuity. To foresee a cyber incident and have all the information at hand to respond to one, the company must have transparency in its networks. Continuous surveillance and tracking threats are very effective ways of detecting and avoiding cyber-attacks in ICS networks.


If a cyber incident occurs, the effects must be managed by organizations. To comply with this requirement, the company should create a response plan, identify communication lines among the relevant parties, collect and analyze information about the case, conduct all the activities necessary to eliminate the incident and integrate lessons learned into revised response strategies.


Organizations need to develop and implement effective activities to restore any capacity or services that have been impaired by a cybersecurity event. Your organization needs to have a recovery plan in place, coordinate recovery activities with outside parties, and incorporate lessons learned into your updated recovery strategy.