M9 ASSIGNMENT SPEAKER NOTES
School: Bellevue University
Course: 611
Subject: Computer Science
Date: Apr 3, 2024
Type: docx
Pages: 6

CIS611-T301 M9 ASSIGNMENT
MANOJ KUMAR MARRIBOYINA 21430414
PROFESSOR: PETER HOFFMAN
Cyber Security Frameworks - NIST 800-53r5 and ISO 27001-27002
What are Security Frameworks?
Security Frameworks are organized collections of standards, best practices and recommendations intended to help businesses manage and strengthen their cyber security posture. Risk management, threat detection and response, access control, data protection and regulatory compliance are just a few of the cyber security issues that these frameworks offer a methodical way to handle.
Some of the Security Frameworks are:
1. NIST (National Institute of Standards and Technology) Cyber Security Framework
2. ISO (International Organization for Standardization) 27000 Series
3. COBIT (Control Objectives for Information and Related Technologies)
4. CIS Controls
5. PCI DSS (Payment Card Industry Data Security Standard)
6. NIST 800-53r5

What is NIST 800-53r5?
1. The NIST 800-53 framework, fifth revision.
2. Supports all essential infrastructure sectors, including the federal government.
3. A catalog of security and privacy controls for information systems.
4. Used by businesses to safeguard the business.
5. Eighteen control families make up this version.
6. These controls address different requirements.

Changes in NIST 800-53r5
1. Alteration in the controls' structure.
2. Adding complete privacy controls to the security catalog.
3. Lessening the emphasis on the federal level so that non-federal organizations can also follow the rules.
4. Incorporating fresh safeguards derived from empirical attack data and threat intelligence.
5. Modifying the control selection procedure so that several departments can use it.

Benefits of NIST 800-53r5
1. Risk reduction.
2. Advises using standard privacy and security principles.
3. Offers safeguards for System and Services Acquisition (SA).
4. Supply chain risk assessment.
5. Improves all sectors' foundational systems, offerings, and goods.
6. Conformity.

What are ISO 27001 and 27002?
1. Through the implementation of an Information Security Management System (ISMS), ISO 27001 offers a framework to help enterprises of any size or industry protect their data in a methodical and economical manner.
2. ISO 27002 offers best-practice guidance for implementing the security measures specified in ISO 27001.
3. ISO 27001 enables a business to obtain an audited certification on its own. This is the only cybersecurity standard that provides this.

ISO 27000 Series
1. Information Security Management System (ISMS) requirements are provided by ISO 27001.
2. Maintains the CIA triad (Confidentiality, Integrity, and Availability).
3. Contains the Plan, Do, Check, Act (PDCA) cycle.

Structure of ISO 27001
1. Divided into ten sections.
2. Attached.
3. Reference list.

ISO 27002 Standard
1. Not as official as the ISO/IEC 27001 standard.
2. Suggests implementing information security measures that address risks to the confidentiality, integrity and availability (CIA) of data.
3. The structure consists of 19 distinct sections.

ISO 27001 vs. 27002

Benefits of ISO 27001 Standards
1. Minimize the likelihood of cyberattacks.
2. Compliance with multiple laws and guidelines.
3. Decrease in running expenses.
4. Avoids penalties and reputational damage.
5. Customer retention.
6. Alterations in awareness and culture.

Benefits of ISO 27002 Standards
An increased understanding of information security.
1. More control over sensitive resources and data.
2. A method for putting control rules into practice.
3. The possibility to recognize and address shortcomings.
4. Limiting the possibility of being held liable for failing to establish rules and procedures or deploy an ISMS.
5. It becomes a differentiator in the marketplace, attracting clients who value certification.

Difference between the standards of NIST 800-53r5 vs. ISO 27001-27002
1. Both are comparable risk management frameworks.
2. NIST was established to assist US government entities.
3. ISO is a globally acknowledged methodology.
4. NIST is more focused on security controls.
5. ISO is more concerned with risk.
6. For government information systems, NIST 800-53 offers a large range of control families that support best practices.
7. NIST 800-53r5 is required for federal agencies, in contrast to ISO 27001. For instance, if you are a manufacturer producing goods for a federal agency, your contract might require adherence to NIST 800-53r5 and/or related NIST standards.
8. While NIST 800-53r5 is primarily focused on security, ISO 27001 is less technical and more risk-oriented.

Managing NIST 800-53 in AWS (NIST CSF compliance, 2019)
1. Security and compliance are ultimately shared responsibilities between AWS and the cloud customer, as demonstrated by the independent validation of AWS against NIST 800-53 procedures.
2. AWS adheres to NIST security guidelines.
3. Specific compliance guidelines.
4. Technological safeguards.
5. Ongoing oversight of compliance.

Companies that offer cloud services and adhere to these standards
The earlier iteration of the NIST 800-53 standard is compatible with Amazon Web Services (AWS).
1. Azure conforms to NIST 800-53 revision 5 requirements.
2. Azure has demonstrated its compliance with the NIST 800-53 standard by implementing the AC-2 and AC-3 controls: AC-2 is the account management control and AC-3 is the access enforcement control.
3. Per Azure's account management example, a subscription should have a maximum of three owners assigned to it. This reduces the likelihood of a breach through a compromised owner.
4. Using Azure as an example, all subscription accounts with owner permissions should have Multi-Factor Authentication (MFA) enabled to guard against account or resource breaches.
5. Google Cloud adheres to the Federal Risk and Authorization Management Program (FedRAMP), a government-wide initiative that offers a standardized method for the security evaluation, authorization, and ongoing monitoring of cloud-based products and services. This facilitates NIST 800-53 compliance for its services.

Reference:
NIST - Amazon Web Services (AWS). (n.d.). Amazon Web Services, Inc. https://aws.amazon.com/compliance/nist/
Security and Privacy Controls for information ... - NIST. (n.d.). Retrieved February 14, 2022, from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf
The Complete Guide to Understanding Cybersecurity Frameworks. Dark Cubed. (n.d.). Retrieved February 14, 2022, from https://darkcubed.com/cybersecurity-frameworks#
Roncevich, T. (n.d.). What is the ISO 27001 and do you need it? CyberGuard Compliance: Regulatory Compliance, Audits, SSAE 18. Retrieved February 14, 2022, from https://info.cgcompliance.com/blog/what-is-the-iso-27001-and-do-you-need-it
www.isect.com, I. T. L. (n.d.). ISO/IEC 27001:2013 - information technology - security techniques - information security management systems - requirements (second edition). ISO/IEC 27001 certification standard. Retrieved February 14, 2022, from https://iso27001security.com/html/27001.html
ISO 27002, the Information Security Management System Framework. ISMS.online. (n.d.). Retrieved February 14, 2022, from https://www.isms.online/iso-27002/
NIST CSF compliance. NIST 800-53 management for AWS. Dash Solutions. (2019, October 22). Retrieved February 14, 2022, from https://www.dashsdk.com/aws-nist-800-53-compliance/
Azure Policy regulatory compliance sample for NIST SP 800-53 Rev. 5. Microsoft. (n.d.). https://docs.microsoft.com/en-us/azure/governance/policy/samples/gov-nist-sp-800-53-r5
NIST 800-53 vs ISO 27002 vs NIST CSF (2023). (2023, July 10). Kyloot. https://kyloot-com.ngontinh24.com/article/nist-800-53-vs-iso-27002-vs-nist-csf
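The two Azure account-management practices cited in the notes above (at most three owners per subscription, and MFA on every owner account) are concrete enough to check mechanically. The script below is an added example written for these notes; it is not Azure Policy, not an Azure API, and not code from any of the referenced sources. It evaluates a constructed list of subscription role assignments and returns one finding per violation. The check names `max-three-owners` and `owner-mfa` are labels invented for this example: the first corresponds to the AC-2 account-management example the notes describe, and the second is the MFA practice, to which the notes assign no control identifier.

```python
"""Added example: evaluate constructed Azure-style subscription role data
against the two account-management practices the notes cite for Azure
(at most three owners per subscription, and MFA on every owner account).
The data below is constructed for the example; it is not Azure Policy
output or any Azure API response."""
from dataclasses import dataclass, field

# Limit taken from the notes' Azure account-management example.
MAX_OWNERS = 3


@dataclass
class RoleAssignment:
    principal: str      # user or group name (constructed)
    role: str           # "Owner", "Contributor", "Reader", ...
    mfa_enabled: bool   # whether the principal has MFA turned on


@dataclass
class Subscription:
    name: str
    assignments: list = field(default_factory=list)


def owners(sub: Subscription) -> list:
    """All assignments on the subscription that carry the Owner role."""
    return [a for a in sub.assignments if a.role == "Owner"]


def evaluate(sub: Subscription) -> list:
    """Return a list of (check, detail) findings; an empty list means the
    subscription satisfies both checks.

    Check names are labels for this example only:
      max-three-owners  the AC-2 account-management example from the notes
      owner-mfa         MFA on every owner (the notes give no control id)
    """
    findings = []
    own = owners(sub)
    if len(own) > MAX_OWNERS:
        findings.append(("max-three-owners",
                         f"{len(own)} owners assigned, limit is {MAX_OWNERS}"))
    for a in own:
        if not a.mfa_enabled:
            findings.append(("owner-mfa", f"owner {a.principal} has no MFA"))
    return findings


def is_compliant(sub: Subscription) -> bool:
    """True when neither check produced a finding."""
    return not evaluate(sub)


def report(subs) -> dict:
    """Map subscription name -> findings, so a whole tenant can be scanned."""
    return {s.name: evaluate(s) for s in subs}


# Constructed sample tenant: one compliant subscription and two that fail.
SAMPLE = [
    Subscription("prod", [
        RoleAssignment("alice", "Owner", True),
        RoleAssignment("bob", "Owner", True),
        RoleAssignment("carol", "Owner", True),
        RoleAssignment("dave", "Contributor", False),  # not an owner: ignored
    ]),
    Subscription("dev", [
        RoleAssignment("alice", "Owner", True),
        RoleAssignment("bob", "Owner", True),
        RoleAssignment("carol", "Owner", True),
        RoleAssignment("dan", "Owner", True),  # fourth owner breaks the limit
    ]),
    Subscription("sandbox", [
        RoleAssignment("eve", "Owner", False),  # owner without MFA
        RoleAssignment("frank", "Owner", True),
    ]),
]

if __name__ == "__main__":
    for name, findings in report(SAMPLE).items():
        status = "OK" if not findings else "FAIL"
        print(f"{name}: {status}")
        for check, detail in findings:
            print(f"  [{check}] {detail}")
```

Only Owner assignments are considered, matching the notes' wording; a Contributor without MFA is deliberately not flagged here, because the notes scope the MFA requirement to owner accounts. In a real tenant the `assignments` list would be populated from the provider's role-assignment and authentication-method data rather than from the constructed `SAMPLE`.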