Home › BCA Cyber Security › cybersecurity › Cybersecurity Fundamentals › Which NIST CSF function focuses on developing or…
Which NIST CSF function focuses on developing organisational UNDERSTANDING of cybersecurity risk to systems, assets, data, and capabilities?
AIdentify (ID)
BProtect (PR)
CDetect (DE)
DRespond (RS)
Answer & Solution
Correct answer: A. Identify (ID)
1. The IDENTIFY function builds the foundation: knowing what you have and what risks apply.
2. Categories include: Asset Management (ID.AM), Business Environment (ID.BE), Governance (ID.GV), Risk Assessment (ID.RA), Risk Management Strategy (ID.RM), Supply Chain Risk (ID.SC).
3. Without proper Identify activities, the other functions miss critical assets and fail.
4. PROTECT (B) is implementation of safeguards. DETECT (C) is monitoring. RESPOND (D) is incident handling.
_Source: NIST Cybersecurity Framework v1.1, §2.1 — Identify Function, p. 6-7._
Related questions
A HASH FUNCTION (e.g. SHA-256) used for password storage should beWhich of the following is a TYPE of MALWARE that encrypts files and demands payment for thA SECURITY INCIDENT is BEST defined asDEFENSE IN DEPTH is a strategy thatWhich authentication method requires the user to present at least TWO different categoriesPRINCIPLE OF LEAST PRIVILEGE states thatRisk is commonly expressed as a function ofWithin the RESPOND function, ANALYSIS of detected incidents and COMMUNICATIONS with stakeh