This article is the twelfth in our ongoing series exploring the NIST Cybersecurity Framework. Last month, we completed the Identify and Protect functions. Next up: Detect.
What, you ask, there’s no “Prevent” function? Well, no, not in name. Still, prevention certainly occurs when you Identify and Protect, as anyone can attest who has implemented strong asset management and access control policies. In addition, prevention does not necessarily require zero incidents. When faced with a network compromise, companies can prevent actual harm (the ultimate goal of any program) through quick detection and response. Similar to health screenings for invasive disease, the notion is to catch bad things early enough to make a difference.