
Secure State IT and the Cyber Defense Matrix

Navigating the pool of technology vendors is overwhelming even for an IT professional.

The 5×5 matrix plots the five business critical assets on the Y axis and NIST’s five core functions on the X axis: Identify, Protect, Detect, Respond, and Recover. At the bottom it includes a gradient for dependencies. On the left side of the matrix there are functions better executed by technology and on the right side are areas where human expertise becomes more critical.


(see pictures from book cyber defense folder on desktop)

  1. Column 1 is all about identifying and inventorying. You cannot protect what you do not know you have.
    1. Devices: make a list of anything connected to the network: workstations, servers, phones, tablets, storage, network devices, IoT infrastructure, etc.
    2. Applications: What applications does the business use? How do they handle data?
    3. Network: 
    4. Data: Data flow diagrams. Where does the data go? You will be surprised.
    5. Users: Who has access and to what? Are old accounts pruned off?
  2. Column 2 is all about protection. Now that we have identified what we have, we need to protect it.
    1. Devices: Physically and virtually 
    2. Applications: External and internal facing 
    3. Network: LAN and WAN
    4. Data: Ransomware 
    5. Users: Who has access and to what? Are old accounts pruned off?
  3. Column 3 is all about detection. Protection is only good if we are notified when something is detected.
    1. Devices: 
    2. Applications: 
    3. Network: intrusion detection
    4. Data: exfiltration 
    5. Users: 
  4. Column 4 is after the boom and is about responding.
    1. Devices: 
    2. Applications: 
    3. Network: 
    4. Data: 
    5. Users: 
  5. Column 5 is after the boom and is about recovering.
    1. Devices: 
    2. Applications: 
    3. Network: 
    4. Data: 
    5. Users: 
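As an added example (not code from the original post, and not part of the Cyber Defense Matrix itself), the script below does two things the outline asks for: it maps an inventory of controls onto the 5×5 grid and lists the empty cells, which is where the "what do we have for this asset class in this function?" question has no answer yet, and it implements the Users/Identify check "are old accounts pruned off?" by flagging enabled accounts with no recent login. All control names, account names and dates are constructed sample data, not a real environment.

```python
"""Map a control inventory onto the Cyber Defense Matrix and report gaps.

Added example with constructed data; the control list and accounts below
are illustrative, not a real inventory.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

# Rows (business critical assets) and columns (NIST core functions).
ASSET_CLASSES = ("Devices", "Applications", "Network", "Data", "Users")
FUNCTIONS = ("Identify", "Protect", "Detect", "Respond", "Recover")


@dataclass(frozen=True)
class Control:
    name: str          # what the control is (constructed label)
    asset_class: str   # row of the matrix
    function: str      # column of the matrix


# Constructed sample inventory: what a small shop might have on hand.
SAMPLE_CONTROLS = [
    Control("asset discovery scan", "Devices", "Identify"),
    Control("endpoint disk encryption", "Devices", "Protect"),
    Control("EDR alerting", "Devices", "Detect"),
    Control("application inventory", "Applications", "Identify"),
    Control("web application firewall", "Applications", "Protect"),
    Control("network diagram", "Network", "Identify"),
    Control("perimeter firewall", "Network", "Protect"),
    Control("network intrusion detection", "Network", "Detect"),
    Control("data flow diagram", "Data", "Identify"),
    Control("immutable backups", "Data", "Protect"),
    Control("exfiltration alerts", "Data", "Detect"),
    Control("backup restore runbook", "Data", "Recover"),
    Control("directory account review", "Users", "Identify"),
    Control("multi-factor authentication", "Users", "Protect"),
]


def build_matrix(controls: List[Control]) -> dict:
    """Return {asset_class: {function: [control names]}} for the 5x5 grid."""
    matrix = {a: {f: [] for f in FUNCTIONS} for a in ASSET_CLASSES}
    for c in controls:
        if c.asset_class not in ASSET_CLASSES or c.function not in FUNCTIONS:
            raise ValueError(f"unknown cell {c.asset_class}/{c.function} for {c.name}")
        matrix[c.asset_class][c.function].append(c.name)
    return matrix


def coverage_gaps(matrix: dict) -> List[Tuple[str, str]]:
    """Cells with no control at all, in row-major order."""
    return [(a, f) for a in ASSET_CLASSES for f in FUNCTIONS if not matrix[a][f]]


def render(matrix: dict) -> str:
    """Plain-text grid: number of controls per cell."""
    header = "{:<13}".format("") + "".join(f"{f:>10}" for f in FUNCTIONS)
    rows = [header]
    for a in ASSET_CLASSES:
        rows.append(f"{a:<13}" + "".join(f"{len(matrix[a][f]):>10}" for f in FUNCTIONS))
    return "\n".join(rows)


# Users / Identify: are old accounts pruned off?
@dataclass(frozen=True)
class Account:
    username: str
    enabled: bool
    last_login: Optional[date]   # None means the account never logged in


REVIEW_DATE = date(2024, 6, 1)   # constructed "today" for the review

# Constructed directory export.
SAMPLE_ACCOUNTS = [
    Account("alice", True, date(2024, 5, 28)),
    Account("bob", True, date(2023, 11, 15)),
    Account("contractor7", True, None),
    Account("carol", False, date(2022, 1, 1)),   # already disabled, not flagged
]


def stale_accounts(accounts: List[Account], today: date, max_idle_days: int = 90) -> List[str]:
    """Enabled accounts idle longer than max_idle_days (or never used)."""
    cutoff = today - timedelta(days=max_idle_days)
    return sorted(
        a.username
        for a in accounts
        if a.enabled and (a.last_login is None or a.last_login < cutoff)
    )


if __name__ == "__main__":
    m = build_matrix(SAMPLE_CONTROLS)
    print(render(m))
    print("gaps:", coverage_gaps(m))
    print("stale accounts to review:", stale_accounts(SAMPLE_ACCOUNTS, REVIEW_DATE))
```

With the constructed inventory, 11 of the 25 cells are empty, nearly all of them in the Respond and Recover columns, which is the usual shape for a shop that has bought tooling (left side of the matrix) but not yet written the runbooks that depend on people (right side). The stale-account check deliberately skips accounts that are already disabled, so the output is the list of accounts that still need a decision.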