In February 2013 the president of the United States issued Executive Order 13636, directing the National Institute of Standards and Technology (NIST) to take the best-known practices from industry and come up with a common Cybersecurity Framework for companies and government institutions. Understanding the basics of this framework can help IT organizations begin to develop their own cybersecurity plans. Working with people, process, and technology is required to successfully implement your new cybersecurity plan.

First, let’s look at the Cybersecurity Framework. The framework consists of five security functions: Identify, Protect, Detect, Respond, and Recover. Each of these functions is broken down into several categories and subcategories.

Cybersecurity Functions

Here is a quick overview of the five Cybersecurity Framework functions.

Identify the assets in your data center, how they are used in your business, the resources (human and physical) used in business context, and the risks to those assets. These can be documented in several ways, such as an asset inventory, a description of the business environment, governance plans, or risk mitigation plans.

Protect the assets in your data center. Design, develop, and deploy processes and technology that provide safeguards to ensure delivery of critical infrastructure services. The Protect function should limit or contain the impact of a security event. The results of the Protect function can include access control tools, security training, information protection plans, and other protective technologies.

Detect cybersecurity events in your data center, holes in infrastructure security, and process/procedure inadequacies. The results of this function can include things like anomaly reports, security monitoring, detection processes, and audit processes.

Respond to events from the Detect function. The goal of this function is to have an appropriate response to the threats detected during the Detect function.
The results of this function can include response plans, communications, escalation plans, mitigation, and improvement plans.

Recover from cybersecurity events detected during the Detect function. The goal of the Recover function is to bring your infrastructure back to a normal secure state. The results of this function can include recovery plans, continuous improvement plans, and communication.

Implementing a Cybersecurity Framework

The first part of implementing a good security plan is to understand the key elements of security. The Cybersecurity Framework is a good start, but it does not cover everything that needs to be done. You also need to understand the assets at your disposal, including people, process, and technology. I will leave the people and process part for another blogger. Let’s focus on technology. Specifically, let’s talk about Software-Defined Infrastructure (SDI) and how it can help you implement a Cybersecurity Framework.

SDI Architecture overview

Here is a quick overview of the SDI Architecture.

Orchestration and Control – orchestrates compute, storage, and network together in secured domains in response to user requests
Telemetry – brings raw data from the infrastructure and applications to analytics for analysis
Analytics – takes raw data and analyzes it so actions can be taken
Policy Framework – analysis from the analytics is combined with the policy engine so the orchestration and control can request changes to the infrastructure
Software-Defined Storage – control of storage resources through a software API
Software-Defined Network – control of network resources through a software API
Software-Defined Compute – control of compute resources through a software API
Software-Defined Security – creation of security domains with resources and software tools

SDI and Cybersecurity Framework

Let’s map the Cybersecurity Framework to the different parts of the SDI architecture.
Identify – Infrastructure gives you a list of all of the infrastructure resources in your private cloud
Protect – The Policy Framework gives the ability to implement access control
Detect – The Telemetry and Analytics components give the ability to detect anomalies and intrusions into the data center infrastructure
Respond – Policy and Orchestration allow you to implement how to respond to specific cybersecurity events
Recover – Policy and Infrastructure allow you to change policy to cover newly detected cybersecurity events

These are just a few examples of how these functions can be implemented using elements of SDI. The lesson here is to begin to understand the possibilities. Coming up with your own mappings will be key to your success in implementing a good Cybersecurity Framework for your business.