NIST CSF 2.0 implementation
23.10.2025

Yuri Podgorbunsky, Security Vision


What exactly is NIST CSF 2.0?


The NIST Cybersecurity Framework (CSF) 2.0 was developed by the U.S. National Institute of Standards and Technology (NIST) to give organizations a comprehensive and flexible approach to managing and reducing cybersecurity risk, built around a taxonomy of high-level cybersecurity outcomes rather than a prescriptive list of controls or metrics. It can be used by any organization regardless of its size, industry, or maturity; CSF 2.0 (published in February 2024) explicitly extends the scope beyond the critical infrastructure sector for which CSF 1.x was originally written.


CSF includes the following components:


- The CSF Core, a taxonomy of high-level cybersecurity outcomes that can help any organization manage its cybersecurity risks. The Core is a hierarchy of Functions, Categories, and Subcategories;
- CSF Organizational Profiles, a mechanism for describing an organization's current and/or target cybersecurity posture in terms of the Core's outcomes;
- CSF Tiers, which can be applied to Organizational Profiles to characterize the rigor of an organization's cybersecurity risk governance and risk management practices.


CSF Core


The CSF Core consists of 6 Functions, which contain 22 Categories, which in turn contain 106 Subcategories. The Core Functions are shown below.


Fig. 1. CSF Core Functions: Govern, Identify, Protect, Detect, Respond, Recover


CSF Core functions and Categories


Govern (GV):
- Organizational Context (GV.OC);
- Risk Management Strategy (GV.RM);
- Roles, Responsibilities, and Authorities (GV.RR);
- Policy (GV.PO);
- Oversight (GV.OV);
- Cybersecurity Supply Chain Risk Management (GV.SC).


Identify (ID):
- Asset Management (ID.AM);
- Risk Assessment (ID.RA);
- Improvement (ID.IM).


Protect (PR):
- Identity Management, Authentication, and Access Control (PR.AA);
- Awareness and Training (PR.AT);
- Data Security (PR.DS);
- Platform Security (PR.PS);
- Technology Infrastructure Resilience (PR.IR).


Detect (DE):
- Continuous Monitoring (DE.CM);
- Adverse Event Analysis (DE.AE).


Respond (RS):
- Incident Management (RS.MA);
- Incident Analysis (RS.AN);
- Incident Response Reporting and Communication (RS.CO);
- Incident Mitigation (RS.MI).


Recover (RC):
- Incident Recovery Plan Execution (RC.RP);
- Incident Recovery Communication (RC.CO).


The Core Functions are addressed concurrently rather than in sequence. Actions supporting Govern, Identify, Protect, and Detect should happen continuously, while actions supporting Respond and Recover should be ready at all times and be executed when cybersecurity incidents occur. All Functions have a role in handling incidents: Govern, Identify, and Protect outcomes help prevent and prepare for incidents, while Govern, Detect, Respond, and Recover outcomes help discover and manage them.


CSF Organizational Profile


An Organizational Profile describes an organization's current and/or target cybersecurity posture in terms of the Core's outcomes. Profiles are used to understand, tailor, assess, and prioritize cybersecurity outcomes based on the organization's mission objectives, stakeholder expectations, threat landscape, and requirements; the organization can then act strategically to achieve those outcomes. Profiles are also used to measure progress toward the target outcomes and to communicate that progress to stakeholders.


Working with an Organizational Profile is a process with the following sequential steps:
- Scope the Organizational Profile;
- Gather the information needed to prepare it;
- Create the Organizational Profile;
- Analyze the gaps between the Current and Target Profiles and create an action plan;
- Implement the action plan and update the Organizational Profile.


An Organizational Profile includes one or both of the following:
- The Current Profile specifies the Core outcomes the organization is currently achieving (or attempting to achieve) and characterizes how or to what extent each outcome is achieved;
- The Target Profile specifies the desired outcomes the organization has selected and prioritized for achieving its cybersecurity risk management objectives.


Achieving progress over time using organizational profiles is presented below.


Figure 2. Making progress over time with Organizational Profiles


CSF Tiers


CSF Tiers characterize how rigorously cybersecurity risk is governed and managed in the organization. Comparing the Tier assigned at the latest assessment with the Tier from an earlier assessment (if one was conducted) shows whether risk management practices are improving. Note that NIST defines the Tiers in terms of the rigor of risk governance and management practices rather than as a formal maturity model, although in practice they are commonly read as maturity levels, and this article uses the term in that loose sense.


The Tiers are as follows:
- Tier 1 "Partial": cybersecurity risk management is performed ad hoc;
- Tier 2 "Risk Informed": risk management practices are approved by management but may not be established as organization-wide policy;
- Tier 3 "Repeatable": the organization's risk management practices are formally approved and expressed as policy;
- Tier 4 "Adaptive": there is an organization-wide approach to managing cybersecurity risk that uses risk-informed policies, processes, and procedures to address potential cybersecurity events.


Implementation


Risk management in the organization


Risk management in the organization is carried out at three levels (CSF 2.0 uses the same three levels when describing how risk information flows through an organization):
- Executive (corporate) level;
- Business/process (organizational) level;
- Implementation/operations (system) level.


At the executive level, the organization's leadership sets the mission, priorities, risk appetite, and budget. Information about current and emerging cybersecurity risks flows upward from the business/process level to the executive level. At the executive and business/process levels, managers take legal and regulatory requirements into account and set risk tolerance; the cybersecurity risk management strategy is also developed at these levels.


At the implementation/operations level, organizational and technical protection measures are implemented to bring risk to an acceptable level under the Protect, Detect, Respond, and Recover Functions. These activities can be automated with the following Security Vision products: Risk Management (RM), security profile compliance (CTC), Security Orchestration, Automation and Response (SOAR), and Business Continuity Management (BCM).


Formation of the CSF organizational profile


Defining the scope


The scope defines the general facts and assumptions on which the profiles will be based. You can create any number of organizational profiles, each with a different scope. When defining the profile scope, you need to answer the following questions:
- What is the reason for creating an organizational profile?
- Will the profile cover the entire organization? If not, which divisions, information assets, technology assets, products and services of the organization, as well as partners and suppliers will be included?
- Will the profile cover all types of cybersecurity threats, vulnerabilities, attacks, and defenses? If not, which types will be included?
- Which individuals or teams will be responsible for the development, verification and implementation of the profile?
- Who will be responsible for setting expectations regarding actions to achieve the target results?


An organization can use multiple profiles. Each profile can have a specific application area based on factors such as:
- Technology category (IT, OT);
- Types of data (personal data, bank secrecy, etc.);
- Users (employees, third parties).


It may be useful to combine two or more profiles if the application areas overlap.


Collecting information for profile preparation


Information is collected both internally, through various organizational and administrative documents, and externally: laws, presidential decrees, orders from federal agencies, etc.


Creating a profile

To create a profile, each CSF Subcategory is assessed in terms of its implementation; the result is the Current Profile.
Example:
Function: Govern (GV)
Category: Organizational Context (GV.OC)
Subcategory GV.OC-01: The organizational mission is understood and informs cybersecurity risk management.
Implementation: the organization's mission has been communicated and is taken into account when planning cybersecurity risk management.
Subcategory GV.OC-02: Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered.


Implementation: internal stakeholders identified:
- IT department;
- HR;
- Production division;
- Legal department.


External stakeholders identified:
- Partners;
- Clients;
- Contractors;
- FSTEC of Russia, with its requirements for the protection of critical information infrastructure and personal data;
- NCCCI (the National Coordination Center for Computer Incidents), with its requirements for notification of information security incidents.


The requirements and needs of these stakeholders are taken into account.


Category: Risk Management Strategy (GV.RM)
Subcategory GV.RM-01: Risk management objectives are established and agreed to by organizational stakeholders.
Implementation: risk management objectives are established, agreed upon, and communicated.
Subcategory GV.RM-02: Risk appetite and risk tolerance statements are established, communicated, and maintained.
Implementation: risk appetite and risk tolerance are defined and communicated.


Category: Roles, Responsibilities, and Authorities (GV.RR)
Subcategory GV.RR-02: Roles, responsibilities, and authorities related to cybersecurity risk management are established, communicated, understood, and enforced.
Implementation: roles, responsibilities, and authorities for all CSF Functions are defined in a RACI matrix and communicated.


Assigning CSF Tiers (optional)


When assessing Subcategories and Categories, it is recommended to also assign a CSF Tier, from Tier 1 (Partial) to Tier 4 (Adaptive). Once all Functions and their Categories have been assessed, this shows how rigorously cybersecurity risk is managed across the organization and where the weakest areas are.


After the Current Profile is created, a Target Profile is created. It should list the outcomes to be pursued and assign each a priority:
- High;
- Medium;
- Low.


Analysis of the current and target profile


Identifying and analyzing the differences between the Current and Target Profiles allows you to identify gaps and, accordingly, develop an action plan with priorities for their implementation.


Implementation of the action plan


Besides the identified gaps, the action plan should take into account:
- Objectives;
- Mission drivers;
- Benefits;
- Risks;
- Resources: people, processes, technology;
- Improvements.
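The assessment, Tier assignment, and gap analysis described in the steps above are easier to keep consistent as structured data than as a free-form spreadsheet. The following Python script is an added example for this article; it is not Security Vision code and not part of NIST's publication. The Subcategory texts are paraphrased from CSF 2.0, while the assessment values, the `owner` field, and the use of a Tier 0 for "not assessed" are constructed assumptions for illustration only. It validates Subcategory identifiers against the CSF 2.0 naming scheme (a mislabeled ID is a common spreadsheet error), computes the gap between the Current and Target Profiles, orders the gaps into an action plan by priority and gap size, and rolls up the weakest current Tier per Function for reporting.

```python
"""Gap analysis between a CSF 2.0 Current Profile and Target Profile.

Added example, not Security Vision or NIST code. Subcategory texts are
paraphrased from NIST CSF 2.0; assessment values are constructed sample data.
"""
import re
from dataclasses import dataclass

# CSF 2.0 Tiers, ordered from least to most rigorous. Tier 0 ("Not assessed")
# is an assumption of this example for unassessed outcomes, not a NIST Tier.
TIERS = {0: "Not assessed", 1: "Partial", 2: "Risk Informed",
         3: "Repeatable", 4: "Adaptive"}
PRIORITY_RANK = {"High": 0, "Medium": 1, "Low": 2}
# CSF 2.0 subcategory identifiers look like GV.OC-01: Function.Category-NN.
SUBCAT_ID = re.compile(r"^(GV|ID|PR|DE|RS|RC)\.[A-Z]{2}-\d{2}$")


@dataclass
class Assessment:
    """One row of an Organizational Profile: a single CSF Subcategory."""
    sub_id: str          # e.g. "GV.OC-01"
    outcome: str         # Subcategory text (paraphrased)
    current_tier: int    # Current Profile
    target_tier: int     # Target Profile
    priority: str        # "High" | "Medium" | "Low" (Target Profile priority)
    evidence: str = ""   # how / to what extent the outcome is achieved
    owner: str = ""      # accountable role from the RACI matrix (assumed field)

    def __post_init__(self):
        # Reject mislabeled identifiers and out-of-range values up front.
        if not SUBCAT_ID.match(self.sub_id):
            raise ValueError(f"not a CSF 2.0 subcategory id: {self.sub_id!r}")
        if self.priority not in PRIORITY_RANK:
            raise ValueError(f"unknown priority: {self.priority!r}")
        for tier in (self.current_tier, self.target_tier):
            if tier not in TIERS:
                raise ValueError(f"tier out of range: {tier}")

    @property
    def function(self) -> str:
        return self.sub_id[:2]          # "GV"

    @property
    def category(self) -> str:
        return self.sub_id[:5]          # "GV.OC"

    @property
    def gap(self) -> int:
        # A current Tier above the target is not a gap, hence the clamp at zero.
        return max(0, self.target_tier - self.current_tier)


def gap_analysis(profile: list[Assessment]) -> list[Assessment]:
    """Subcategories below their target Tier, ordered for the action plan:
    High priority first, then the largest Tier gap, then identifier."""
    gaps = [a for a in profile if a.gap > 0]
    return sorted(gaps, key=lambda a: (PRIORITY_RANK[a.priority], -a.gap, a.sub_id))


def function_tiers(profile: list[Assessment]) -> dict[str, int]:
    """Roll-up for reporting: the weakest current Tier per Function.
    A Function is only as rigorous as its least-implemented outcome."""
    result: dict[str, int] = {}
    for a in profile:
        result[a.function] = min(result.get(a.function, 4), a.current_tier)
    return result


def action_plan(profile: list[Assessment]) -> list[str]:
    """Render the prioritized gaps as plain-text plan-of-action lines."""
    return [
        f"[{a.priority}] {a.sub_id}: Tier {a.current_tier} ({TIERS[a.current_tier]})"
        f" -> Tier {a.target_tier} ({TIERS[a.target_tier]}); owner: {a.owner or 'unassigned'}"
        for a in gap_analysis(profile)
    ]


# Constructed sample profile covering part of the Govern Function.
SAMPLE_PROFILE = [
    Assessment("GV.OC-01", "Organizational mission is understood and informs "
               "cybersecurity risk management", 3, 3, "Medium",
               evidence="Mission referenced in the risk management policy", owner="CISO"),
    Assessment("GV.OC-02", "Internal and external stakeholders and their expectations "
               "are understood and considered", 2, 3, "High",
               evidence="Stakeholder list maintained, not yet in policy", owner="CISO"),
    Assessment("GV.RM-01", "Risk management objectives are established and agreed to "
               "by stakeholders", 2, 3, "High",
               evidence="Objectives approved by management, not formalized", owner="Risk manager"),
    Assessment("GV.RM-02", "Risk appetite and risk tolerance statements are established, "
               "communicated, and maintained", 1, 3, "High",
               evidence="Ad hoc; no written statement", owner="CIO"),
    Assessment("GV.RR-02", "Roles, responsibilities, and authorities for cybersecurity risk "
               "management are established and enforced", 3, 4, "Low",
               evidence="RACI matrix published and reviewed annually", owner="CISO"),
]

if __name__ == "__main__":
    for line in action_plan(SAMPLE_PROFILE):
        print(line)
    print("Weakest current Tier per Function:", function_tiers(SAMPLE_PROFILE))
```

On the sample data the plan puts GV.RM-02 first (High priority and a two-Tier gap), then the two remaining High items, and the Low-priority GV.RR-02 last, while the roll-up reports Govern at Tier 1 because its weakest outcome is still ad hoc. Ordering by the weakest outcome rather than an average is deliberate: an average Tier hides exactly the gap that a regulator or auditor will ask about first.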


Conclusion


Advantages of implementing NIST CSF:

1) Improved cybersecurity risk management:
CSF provides a systematic method for identifying, assessing, and controlling cyber risks, allowing an organization to prioritize its efforts and direct resources where they are most needed.


2) Increased resilience to cyber threats:
Implementing CSF helps organizations prevent, detect, respond to, and recover from cyber incidents more effectively, which is critical in a constantly changing threat landscape.


3) A ready-made checklist:
The Core's outcomes can be used as a checklist to verify how comprehensively cybersecurity measures are implemented in the organization, and the comparison of Current and Target Profiles makes the remaining gaps explicit.
