Framework Area
Identify
The organization’s current cybersecurity risks are understood.
Understanding the organization’s assets (e.g., data, hardware, software, systems, facilities, services, people), suppliers, and related cybersecurity risks enables an organization to prioritize its efforts consistent with its risk management strategy and the mission needs identified under GOVERN.
This Function also includes the identification of improvement opportunities for the organization’s policies, plans, processes, procedures, and practices that support cybersecurity risk management to inform efforts under all six Functions.
Categories
Explore the categories within the Identify function
Asset Management ensures that all organizational assets—hardware, software, systems, data, and third-party services—are identified, tracked, and managed throughout their lifecycle.
It supports effective cybersecurity by maintaining accurate inventories, understanding data flows, assigning responsibilities, and prioritizing assets based on their importance to the mission.
Risk Assessment identifies and evaluates threats, vulnerabilities, and potential impacts to determine inherent cybersecurity risks.
It supports informed decision-making through threat intelligence, vulnerability analysis, risk prioritization, and response planning.
It also includes assessing authenticity and integrity of assets and suppliers before use.
Improvement focuses on continuously enhancing cybersecurity capabilities by learning from evaluations, testing, operations, and real-world incidents.
It ensures that response plans and procedures are regularly updated and refined, incorporating lessons learned and adapting to changing conditions.
ResponseHub is the product I wish I had when I was a CTO
Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.
As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!
I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.
