The Protect function aims to deploy services that reduce risk to critical information and operations from threats. Proper protection limits the amount of damage when cyberattacks do occur; in other words, it limits the blast radius.
NIST lists the following as categories of activities:
- Identity Management and Access Control – Long-term continuous project, led by IT
- Awareness and Training – Long-term continuous project, led by Security
- Data Security – Long-term continuous project, led by Security
- Information Protection Processes and Procedures – Long-term continuous project, led by IT
- Maintenance (e.g., patching) – Very large, challenging long-term continuous project, led by IT
- Protective Technology – Small quarterly or annual projects
Traditionally, the Protect function stopped at a firewall. However, the concepts of Zero Trust and Defense in Depth changed the old way of thinking. Now every asset, whether data or physical, logical, or virtual infrastructure, needs some sort of protection. Protection projects are usually cross-functional because they touch multiple organizations within the company. For example, shaping traffic on a network to isolate business functions and increase visibility requires both security and network personnel. Locking down user machines requires a joint effort between security and system administrators. Locking down the development pipeline requires a joint effort between security and developers. Building a Protect strategy that aligns with company profit targets is a challenge!
The Protect function is often a combination of large projects with a variety of internal stakeholders and external service providers and products.
![](https://cdexos.com/wp-content/uploads/2022/12/NIST-5-Core-Functions.png)