NIST CSF - Arsh D.
School: University of Texas, Dallas
Course: 3023
Subject: Information Systems
Date: Apr 3, 2024
Pages: 3
Arsh Durrani
Professor William Hefley
ITSS 4370.001
3/18/24

National Institute of Standards & Technology (NIST) Cybersecurity Framework

The National Institute of Standards and Technology, known as NIST, operates under the United States Department of Commerce and is responsible for promoting innovation and industrial competitiveness. NIST recently introduced an updated edition (version 2.0) of its Cybersecurity Framework (CSF). The CSF aims to help organizations of all sizes understand, manage, and reduce cybersecurity risk while keeping their networks and data safe. Rather than dictating how outcomes should be reached, the CSF presents cybersecurity outcomes that can be applied to any organization and directs users to resources offering guidance on how to achieve them. Let’s take a look at the CSF in terms of the components within its Core.

The CSF Core, or the nucleus as NIST describes it, is a high-level categorization of cybersecurity outcomes that can help any organization manage its cybersecurity risks. The Core is organized as a hierarchy of Functions, Categories, and Subcategories that describe each outcome and give organizations reading the framework guidance on addressing their unique risks and on mitigating cyber risk in accordance with their mission and stakeholder requirements. The Core Functions are listed below.

CSF Core Functions: Govern, Identify, Protect, Detect, Respond, and Recover

The first function, Govern, provides outcomes that inform what an organization may do to achieve and prioritize the outcomes of the other five functions in the context of its mission and stakeholder expectations. This function covers understanding the organizational context, establishing a cybersecurity strategy and supply chain risk management, defining roles, responsibilities, and authorities, setting policies, and overseeing the cybersecurity strategy. The second function, Identify, ensures that the organization’s current cybersecurity risks are understood, along with its assets (e.g., data, hardware, software, systems, services, people, suppliers). Beyond understanding current risks, the Identify function also points out improvement opportunities for the organization’s policies, plans, processes, procedures, and practices. The third function, Protect, uses safeguards to manage the organization’s cybersecurity risks. Once assets and risks are identified, the Protect function secures those assets to prevent, or lower the likelihood and impact of, cyber threats. Outcomes in this function include identity management, authentication, and access control; awareness and training; data and platform security (securing the hardware, software, and services of both physical and virtual platforms); and resilience of the technology infrastructure.
The fourth function, Detect, concerns making sure that possible cybersecurity attacks and compromises are found and analyzed. Detect enables the discovery and analysis of potentially adverse events that may indicate attacks or incidents are occurring, and it supports successful incident response and recovery activities. The fifth function, Respond, ensures that actions are taken regarding a detected cybersecurity incident. The Respond function supports the ability to contain the effects of such incidents; its outcomes include incident management, analysis, mitigation, reporting, and communication. Lastly, the sixth function, Recover, ensures that assets and operations affected by a cybersecurity incident are restored. This function supports the timely restoration of normal operations to reduce the effects of a cyber incident and enables communication during recovery efforts. All of the listed functions play a vital role with respect to cybersecurity incidents: Govern, Identify, and Protect outcomes help prevent and prepare for incidents, while Govern, Detect, Respond, and Recover outcomes help discover and manage incidents.

The IT Capability Maturity Framework (IT-CMF) outlines 37 Critical Capabilities, one of which is Risk Management. The NIST Cybersecurity Framework details risk management and is therefore related to the Critical Capabilities of the IT-CMF. Moreover, the framework is highly relevant to infrastructure management across sectors. It covers several areas of infrastructure management, such as Risk Management, Compliance, Resilience, and Supply Chain Security. Below are examples of how the CSF relates to infrastructure management and how infrastructure managers can make decisions by following its guidelines. With regard to risk management, the framework provides a structured approach to managing cybersecurity risks.
Infrastructure managers can use the CSF to identify risks, implement protective measures, detect potential threats, and respond effectively to incidents. By following the CSF guidelines, infrastructure managers can improve the resilience of systems and operations against cyber threats and improve their recoverability in the face of an attack. Additionally, the CSF emphasizes the importance of managing cyber risks in the supply chain; infrastructure managers can use the framework to assess the practices of the organization’s suppliers and ensure that security standards are met. Overall, the NIST CSF provides a comprehensive approach to cybersecurity risk management that is directly relevant to infrastructure management. After examining the Cybersecurity Framework in detail, we see that by adopting its guidelines, organizations can improve the security, resilience, and reliability of their systems and enhance their operations.
Works Cited:

“The NIST Cybersecurity Framework (CSF) 2.0.” National Institute of Standards & Technology, U.S. Department of Commerce, 26 Feb. 2024, https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf

Posey, Brien. “What Is the Risk Management Framework (RMF)?: Definition from TechTarget.” TechTarget, 13 Feb. 2024, www.techtarget.com/searchcio/definition/Risk-Management-Framework-RMF

Yasar, Kinza. “What Is Supply Chain Risk Management (SCRM)?: Definition by TechTarget.” TechTarget, 19 Dec. 2023, www.techtarget.com/whatis/definition/supply-chain-risk-management-SCRM