There are certain outcomes that are generally consistent across security teams globally. While the methods used and the completeness/depth of the outcomes will vary greatly by the size of the organization and the sensitivity of the information they store/process, many outcomes are universal.
In the U.S., the National Institute of Standards and Technology (NIST) has created the Cybersecurity Framework (CSF), which can help organizations understand these common outcomes and evaluate themselves against them. Using the CSF, this document reviews how the Pivotal Application Service (PAS) helps security teams achieve a number of their key outcomes for applications running on the platform. The five core functions captured in the framework are listed below. Organizations should continuously evaluate their application of the functions and the associated activities as part of their effort to address dynamic cybersecurity risk.
1. Identify: Understand the organization and its assets in order to manage cybersecurity risk.
2. Protect: Implement the people, processes, and technologies needed to prevent cybersecurity events/incidents from affecting critical services or data.
3. Detect: Develop integrated measures to identify a cybersecurity event/incident and the affected systems/services/data.
4. Respond: Prepare (and practice) measures to contain the impact from an identified cybersecurity incident.
5. Recover: Maintain effective plans to return to normal operations following a cybersecurity incident.