Skip to content
11:11 Systems
The Resilient Cloud Platform
11:11 Systems11:11 Systems
  • Why 11:11
    • Submenu
      • Column 1
        • 11:11 Systems Consulting
          Consulting Services
          Global Regions
          Cloud Regions
          11:11 Systems Security
          Security

      • Column 2
        • Cloud Console
          Cloud Console
          Catalyst
          Planning and Assessment
          Compliance
          Compliance

      • WHY CHOOSE 11:11
      • Overview
      • Leadership
      • News & Media
      • ESG Program
      •  
      • Careers
      • Technology Partners
      • Customer Stories
      • Innovation Blog
  • Products & Services
    • Products & Services

        • Cloud Overview
        • Managed Public Cloud
        • Private Cloud
        • Object Storage
        • Cloud Labs
        • Flexible Cloud Environment/Colocation
        • AWS Solutions
        • Managed OS Services
        • Managed DB Services

        Infrastructure as a Service

        Take a 30-day free trial of 11:11 Cloud.

        Cloud hosting built for your business.
        START FREE TRIAL
        REQUEST A QUOTE

        • Backup Overview
        • Veeam Backup
        • Microsoft 365 Backup
        • Managed Backup for Cohesity
        • Cyber Vault
        • Data Protection Services
        Backup as a Service

        11:11 Cloud Backup

        Protect your data wherever it lives.
        REQUEST A QUOTE
        REQUEST A DEMO

        • DRaaS Overview
        • DRaaS for Veeam
        • DRaaS for Zerto
        • DRaaS for Azure
        • DRaaS for Cohesity
        • Managed Recovery
        • Cloud Recovery
        • Cyber Recovery Platform
        • Infrastructure Recovery
        • Continuity Consulting Services
        • Disaster Recovery Consulting
        Disaster Recovery

        5TB 30Day Free Trial of DRaaS for Veeam

        Protect your business-critical workloads and reduce recovery time with the Leader in Disaster Recovery.
        START FREE TRIAL
        LEARN MORE

        • Security Overview
        • Continuous Risk Scanning
        • Managed Detection and Response
        • Managed SIEM
        • Managed EDR
        • Managed Firewall
        • Application and Zero Trust Services
        Security Services

        Take the first steps toward cyber resilience.

        Download our white paper and learn how to stay ahead of threats.
        REQUEST A QUOTE
        DOWNLOAD NOW

        • Networking Overview
        • SD-WAN
        • Managed Connectivity for AWS Direct Connect
        • Multi-Cloud Connect
        • Network Consulting Services
        Connectivity Services

        Transform your network.

        Take your infrastructure and performance to the next level.
        REQUEST A QUOTE
        WATCH VIDEO
  • Solutions
    • Solutions Submenu
      • INDUSTRY
      • Education
      • Financial
      • Government
      • Healthcare
    • Solutions Business Objective Submenu
      • BUSINESS OBJECTIVE
      • Cyber Resilience
      • Modernize
      • Protect
  • Partners
    • Partners Submenu
      • Overview
      • Become a Partner
      • Partner Portals
  • Resources
    • Resources Submenu
      • Events
      • Webinars
      • News & Media
      • White Papers
      • Podcast
      • Data Sheets
      • Customer Stories
      • Innovation Blog
  • Support
    • Support Submenu
      • Contact Support
      • Product Documentation
      • API Documentation
Search:
  • Login
  • Contact
Header Right Menu
Free Trial
  • Why 11:11
    • Consulting Services
    • Cloud Console
    • Cloud Regions
    • Planning and Assessment
    • Security
    • Compliance
    • WHY CHOOSE 11:11
    • Overview
    • Leadership
    • News & Media
    • ESG Program
    • Careers
    • Technology Partners
    • Customer Stories
    • Blog
  • Products & Services
    • CLOUD
    • Cloud Overview
    • Managed Public Cloud
    • Private Cloud
    • Object Storage
    • Cloud Labs
    • Flexible Cloud Environment/Colocation
    • AWS Solutions
    • Managed OS Services
    • Managed DB Services
    • BACKUP
    • Backup Overview
    • Veeam Backup
    • Microsoft 365 Backup
    • Managed Backup for Cohesity
    • Cyber Vault
    • Data Protection Services
    • DISASTER RECOVERY
    • DRaaS Overview
    • DRaaS for Veeam
    • DRaaS for Zerto
    • DRaaS for Azure
    • DRaaS for Cohesity
    • Managed Recovery
    • Cloud Recovery
    • Cyber Recovery Platform
    • Infrastructure Recovery Services
    • Continuity Consulting
    • Disaster Recovery Consulting
    • SECURITY
    • Security Overview
    • Continuous Risk Scanning
    • Managed Detection and Response
    • Managed SIEM
    • Managed EDR
    • Managed Firewall
    • Application and Zero Trust Services
    • NETWORK
    • Network Overview
    • SD-WAN
    • Managed Connectivity for AWS Direct Connect
    • Multi Cloud Connect
    • Managed IP
  • Solutions
    • INDUSTRY
    • Education
    • Financial
    • Government
    • Healthcare
    • BUSINESS OBJECTIVE
    • Cyber Resilience
    • Modernize
    • Protect
  • Partners
    • Overview
    • Become a Partner
    • Partner Portals
  • Resources
    • Events
    • Webinars
    • News & Media
    • Whitepapers
    • Podcast
    • Datasheets
    • Customer Stories
    • Innovation Blog
  • Support
    • Contact Support
    • Product Documentation
    • API Documentation
  • Contact
  • Login
  • Free Trial
Tags: The NIST CyberSecurity FrameworkCyberSecurity Awareness Month
Author: Jim Jones
Date: October 10, 2022

The NIST CyberSecurity Framework: Identify

Happy CyberSecurity Awareness Month! In the spirit of cybersecurity and awareness, 11:11 Systems will be taking the month of October to dive into the NIST CyberSecurity Framework, and how it can be used to help protect your business.

In case you missed our introductory post outlining the series, we definitely recommend you take a look. Here’s a brief overview: Essentially, the NIST CyberSecurity Framework (CSF) outlines a strategy to determine your organization’s risks, how to protect against them, and, in the case of an attack, how to respond and recover from them. 

In this post, we’ll discuss the first of the five key framework functions: Identification. While this function is a bit tedious, doing it correctly will form the bedrock of the rest of your information security practices. As a former Systems Administrator at a state government organization, I’ve been through this exercise, and the annual follow ups of the data, many times.

Talking it OutWhile there are defined categories of this step, as we are outlining below, the common theme of this function should be COMMUNICATION. Let’s be honest, even as the SysAdmin of the smallest shop, you aren’t going to know every way in which your users are using technology. It could be anything from your organization’s Microsoft 365 subscription to the USB key that an accountant is using to take spreadsheets home at night. With the rise of cloud-based SaaS, the threat vector is growing by the minute.

For this reason, your “Identification” exercise needs to begin with data gathering from the stakeholders within your business. This may be as simple as requesting managers outline what applications their reports are using and where the data is stored to leveraging automated security scanning and monitoring services such as 11:11 Continuous Risk Scanning to detect security vectors you didn’t know were there.

Most likely, your organization’s answer is going to be C: “All of the Above.” And this is where 11:11 can help. By working with you, we can help you identify what systems are your largest risks and start you on the path towards protecting them.

Identify the Identification Categories

  1. Asset Management: For those of us who have worked in Information Technology/Security, we all know the first step of fixing any problem: taking inventory. In this case, we need to talk about setting the ground work for modern Asset Management. This isn’t just tracking the serial numbers and warranty expiration of your field laptops anymore. Instead we must be concerned with knowing everywhere our data, personnel, systems, and facilities are. This can still absolutely be the salesperson’s laptop, but it can equally be a partner SaaS application or an IoT sensor in a corn field. We may not necessarily rate all of those things as equal, but we do need to know that they all exist. This is what the Asset Management category is for.
  2. Business Environment: I’ve always been a fan of the idea that the more your IT department understands your business, the better they can serve your needs. That is exactly what this step is about. To fully understand your business environment, you need to understand your organization’s mission and objectives and, of course, who the stakeholders are. This also must include knowing what activities are prioritized within the organization. While things like email are important, where does that rate compared to Line of Business applications or payroll?
  3. Governance: Before we can go about protecting our data and systems, we must understand what guardrails are already in place. This is where policies and procedures come in. As part of identifying your footing you must look at things like Computer Use and Abuse policies to make sure you are inline with your needs for internal risks, and Privacy Policies to know what is allowable in terms of storing personal data of stakeholders. These and other policies should be living documents that evolve with your business and technology over time, but always serve as the guides towards how you manage data.
  4. Risk Assessment: Here is where we really start to get into the continuous lifecycle of the NIST CSF. The word “identify” may feel like a “do this once” type of task, but the reality is there are new risks to your company and its security emerging every day. Risks can be everything from the USB key mentioned earlier to a version of OpenSSH being vulnerable to a 0-day exploit. To stay on top of this in a modern organization takes more than an anti-virus system, but instead a layered approach leveraging multiple monitoring and automated response systems. These systems can easily become too much for even a large IT team, so you may want to consider a Managed Security platform that consolidates this information into meaningful alerting and can even assist with response.
  5. Risk Management Strategy: You now know what you have, why you have it, what guidelines your organization utilizes, and what your risk baseline looks like. Now we have to take all of that data and develop a strategy based on the priorities, constraints, and risks you’ve identified.

  6. Supply Chain Risk Management: The final category of the “Identify” function is to look at your own supply chain. While often overlooked, your supply chain can insert great deals of risk into your organization’s CyberSecurity posture. This step includes understanding where all of your critical consumables come from, what kind of contracts are in use with them, what the terms of those contracts are, and what kind of disaster recovery plans those suppliers provide. You can secure your systems and business all you want but if a SaaS provider has weak security controls you now have potentially opened yourself up to new risk.

Conclusion

As you’ll be learning through the course of this blog series, the NIST CyberSecurity Framework should provide a set of thought exercises that are constantly changing and evolving with your business and the InfoSec landscape around it. In the “Identify” function you should consider looking at all facets of your business to fully understand what your business is, what its risks are, and how to begin to strategize managing those risks. While this seems like a Herculean task for organizations of all shapes and sizes, here at 11:11 Systems we have decades of experience in assisting you through these exercises and can help provide the tools and expertise to complete this successfully.

Categories: Cybercrime, Ransomware, SecurityBy Jim JonesOctober 10, 2022
Tags: The NIST CyberSecurity FrameworkCyberSecurity Awareness Month

Author: Jim Jones

Jim Jones is a Senior Product Infrastructure Architect on 11:11 Systems' Product Innovation team. He has more than 20 years of experience working as a SysAdmin in the SMB and Service Provider space. Jim has certifications from Cisco Systems, Cohesity, Veeam, and VMware. He is also a member of Cisco Champions, Veeam Vanguard, and VMware vExpert programs. You can follow him online on most platforms as k00laidIT. Jim's personal blog is https://koolaid.info.

Post navigation

PreviousPrevious post:What is the NIST CyberSecurity Framework?NextNext post:Celebrating Get To Know Your Customers Day

Related Posts

Digital Operational Resilience Act (DORA)
Helping the Financial Sector Deliver Secure and Modern Infrastructure through Regulation
July 10, 2025
vulnerability management
A Modern Approach to Managing Vulnerabilities
May 30, 2025
Cyber Resilience
Data Protection vs. Cyber Resilience: Mastering Both in the Complex World of Gambling
May 27, 2025
ransomware attack, worst day
The Remedy Against Ransomware: Insights from Our April 2025 Webinar
May 19, 2025
Cyber Resilience
Reimagining Cyber Resilience in the Gambling Industry: A Strategic Imperative for the Digital Age
May 13, 2025
effective passwords
Creating Effective Password Policies in Your Organization
May 5, 2025
PRODUCTS & SERVICES
  • Cloud
  • Backup
  • Disaster Recovery
  • Managed Security
  • Network as a Service
  • Compliance
COMPANY
  • Why 11:11
  • Customer Stories
  • Careers
  • Leadership
  • Technology Partners
  • News & Media
  • Contact Support
CLOUD REGIONS
  • North America
  • EMEA
  • APAC
CONNECT
  • LinkedIn
  • X
  • Youtube

© 2025 11:11 Systems Inc., All Rights Reserved | Privacy Notice | Website Terms of Use |

Go to Top