NIST divides cybersecurity risk management into the following five functions: identify, protect, detect, respond and recover. In NIST-speak, a function is a high-level activity that expresses your company’s ability to organize relevant information to enable risk management decisions; to discover and address threats, vulnerabilities and their consequences; or to improve risk mitigation processes over time. Each of NIST’s five functions is broken down into categories, which express intended outcomes, and subcategories, which express the most common actions organizations can take to help achieve each outcome.