Drip.. drip.. drip..

Our house found another way to keep me awake last week.

This time, it was the sound of dripping water.

There was a water leak in the bathroom.


What has this got to do with cyber security?

If you have any involvement in IT security or operational resilience, you will eventually stumble upon the 5 functions of the NIST Cyber Security Framework (CSF)*. Even DORA uses the terminology, so it’s clearly the bee’s knees.**

The functions are:

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover

Most people can quickly understand the first 3 functions, but struggle to understand the difference between Respond and Recover, both of which are crucial phases in incident response.


So what?

This is where a leaking pipe can help.

RESPOND involves:

  • Containment – Ensuring the problem does not get worse. For me, this meant putting a bucket under the leak.
  • Eradication – Identifying the underlying cause and fixing it. For me, this meant asking my neighbour for the number of their plumber, who thankfully had the know-how to find the source of the leak and to fix it.

RECOVER involves returning to normality and learning from the incident.

For me, that meant emptying the bucket.. and storing the plumber’s number in my phone!


* In version 2.0 of the CSF, NIST added a 6th function (Govern) because we all know you can’t beat a bit of Governance.

** The phrase “the bee’s knees” means “excellent”, but I have no idea why.