Updated: May 13

Need help understanding your cybersecurity framework? If the answer is yes we are here to help. Fill out the online form and we'll contact you within the hour. Our passion for IT stretches over 19 years and we're happy to be of service.

The cybersecurity Framework is organized by five key Functions – Identify, Protect, Detect, Respond, and Recover.


  • Identify critical enterprise processes and assets – What are your enterprise’s activities that absolutely must continue in order to be viable? For example, this could be maintaining a website to retrieve payments, protecting customer/patient information securely, or ensuring that the information your enterprise collects remains accessible and accurate.

  • Document information flows – It’s important to not only understand what type of information your business collects and uses but also to understand where the data is located and flows, especially where clients and external partners are engaged.

  • Maintain hardware and software inventory – It’s important to have an understanding of the computers and software in your enterprise because these are frequently the entry points of malicious actors. This inventory could be as simple as a spreadsheet.

  • Establish policies for cybersecurity that include roles and responsibilities – These policies and procedures should clearly describe your expectations for how cybersecurity activities will protect your information and systems, and how they support critical enterprise processes. Cybersecurity policies should be integrated with other enterprise risk considerations (e.g., financial, reputational).

  • Identify threats, vulnerabilities, and risk to assets – Ensure risk management processes are established and managed to ensure internal and external threats are identified, assessed, and documented in risk registers. Ensure risk responses are identified and prioritized, executed, and results monitored.


  • Manage access to assets and information – Create unique accounts for each employee and ensure that users only have access to information, computers, and applications that are needed for their jobs. Authenticate users (e.g., passwords, multi-factor techniques) before they are granted access to information, computers, and applications. Tightly manage and track physical access to devices.

  • Protect sensitive data – If your enterprise stores or transmits sensitive data, make sure that this data is protected by encryption both while it’s stored on computers as well as when it’s transmitted to other parties. Consider utilizing integrity checking to ensure only approved changes to the data have been made. Securely delete and/or destroy data when it’s no longer needed or required for compliance purposes.

  • Conduct regular backups – Many operating systems have built-in backup capabilities; software and cloud solutions are also available that can automate the backup process. A good practice is to keep one frequently backed up set of data offline to protect it against ransomware.

  • Securely protect your devices – Consider installing host-based firewalls and other protections such as endpoint security products. Apply uniform configurations to devices and control changes to device configurations. Disable device services or features that are not necessary to support mission functions. Ensure that there is a policy and that devices are disposed of.

  • Manage device vulnerabilities – Regularly update both the operating system and applications that are installed on your computers and other devices to protect them from attack. If possible, enable automatic updates. Consider using software tools to scan devices for additional vulnerabilities; remediate vulnerabilities with high likelihood and/or impact.

  • Train users – Regularly train and retrain all users to be sure that they are aware of enterprise cybersecurity policies and procedures and their specific roles and responsibilities as a condition of employment.


  • Test and update detection processes – Develop and test processes and procedures for detecting unauthorized entities and actions on the networks and in the physical environment, including personnel activity. Staff should be aware of their roles and responsibilities for detection and related reporting both within your organization and to external governance and legal authorities.

  • Maintain and monitor logs – Logs are crucial to identify anomalies in your enterprise’s computers and applications. These logs record events such as changes to systems or accounts as well as the initiation of communication channels. Consider using software tools that can aggregate these logs and look for patterns or anomalies from expected network behavior.

  • Know the expected data flows for your enterprise – If you know what and how data is expected to flow for your business, you are much more likely to notice when the unexpected happens – and unexpected is never a good thing when it comes to cybersecurity. Unexpected data flows might include customer information being exported from an internal database and exiting the network. If you have contracted work to a cloud or managed service provider, discuss with them how they track data flows and report, including unexpected events.

  • Understand the impact of cybersecurity events – If a cybersecurity event is detected, your business should work quickly and thoroughly to understand the breadth and depth of the impact. Seek help. Communicating information on the event with appropriate stakeholders will help keep you in good stead in terms of partners, oversight bodies, and others (potentially including investors) and improve policies and processes.


  • Ensure response plans are tested – It’s even more important to test response plans to make sure each person knows their responsibilities in executing the plan. The better prepared your organization is, the more effective the response is likely to be. This includes knowing any legal reporting requirements or required information sharing.

  • Ensure response plans are updated – Testing the plan (and execution during an incident) inevitably will reveal needed improvements. Be sure to update response plans with lessons learned.

  • Coordinate with internal and external stakeholders – It’s important to make sure that your business's response plans and updates include all key stakeholders and external service providers. They can contribute to improvements in planning and execution.


  • Communicate with internal and external stakeholders – Part of recovery depends upon effective communication. Your recovery plans need to carefully account for what, how, and when information will be shared with various stakeholders so that all interested parties receive the information they need but no inappropriate information is shared.

  • Ensure recovery plans are updated – As with response plans, testing execution will improve employee and partner awareness and highlight areas for improvement. Be sure to update recovery plans with lessons learned.

  • Manage public relations and company reputation – One of the key aspects of recovery is managing your business reputation. When developing a recovery plan, consider how you will manage public relations so that your information sharing is accurate, complete, and timely – and not reactionary.

Ambit IT follows cybersecurity standards, guidelines, best practices, and other resources to meet the needs of SMBs and the broader public. To learn more contact us for a free hour of consultation.

33 views0 comments