Security teams need to understand the organization's most important assets and resources. Threat Management's Identify function which includes asset management, business environment, governance, risk assessment, risk management strategy, and supply chain risk management.
Threat Management's protect function covers the technical and physical security controls for developing and implementing safeguards while protecting critical infrastructure. Functionalities of the protect function include awareness/training, identity management and access control, data security, data protection procedures/processes, and protective/maintenance technology.
Threat Management's detect function implements procedures that alert to cyberattacks on an organization. Detect includes continuous security monitoring, early detection processes, anomalies, and events.
Threat Management's respond function ensures a response to cyberattacks and events. Respond functionality includes response planning, analysis, mitigation, communications, and improvements.
Recover activities implement procedures for cyber resilience and ensure business continuity during a cyberattack, security breach, or another cyber event. The functions include recovery planning and communications.