Lesson 8: The Five-Function Doctrine — From Theory to Practice
Last lesson we learned how to identify risk and decide how to treat it. This lesson moves to practice: how the Israeli defense doctrine translates that into one working structure, five functions operating in a closed cycle, and which bodies in Israel are actually responsible for cyber and privacy.
In brief: the Israeli defense doctrine is organized around five actions — Identify, Protect, Detect, Respond, Recover — that repeat in a cycle. In Israel three bodies split the responsibility: the Cyber Directorate (systems), the Privacy Authority (data and rights), and the Digital Directorate (the government itself).
- The Five-Function Doctrine: The core structure of the Israeli cyber-defense doctrine: Identify, Protect, Detect, Respond, and Recover — operating in a closed cycle, structurally parallel to the NIST CSF framework.
- Control Family: A group of security controls associated with a specific function (e.g. access control, encryption, and network security all belong to 'Protect').
- National Cyber Directorate: The central body responsible for protecting Israel's civilian cyber space, reporting directly to the Prime Minister. Operates CERT-IL, guides critical infrastructure, regulates the cyber market, and runs the 119 hotline.
- Privacy Protection Authority: The regulator responsible for personal data, under the Ministry of Justice. Enforces the privacy law, manages database registration, and investigates personal-data breaches.
- National Digital Directorate: Responsible for the government's digital transformation and information systems, including יה"ב (government cyber defense) and Project Nimbus (the government's move to the cloud).