Cyber Security Master thesis

Study the principles, foundations, impact, and implementation of the NIST Cybersecurity Framework in this free course.

 Publisher: Rahul Kumar Sharma.

Introduction to NIST Cyber Security Framework (CSF)

In a voluntary framework, the NIST Cybersecurity Framework (NIST CSF) was developed by the United States government and industry to protect critical infrastructures. It was developed in response to existing standards, guidelines, and practices.

Learning Outcomes
  • After completing this, you will be able to:
    • Discuss the NIST Cyber Security Framework.
    • List the components of the NIST Cyber Security Framework.
    • Discuss the different Implementation Tiers of the NIST Framework.
    • Outline the concept of the framework profiles.
    • Summarize the overview of the NIST Framework. 
    • State and explain the clauses and sub-clauses of the Identify function of the NIST Framework.
    • Define risk management strategy.
    • Summarize supply chain risk management.

Context of NIST Cyber Security Framework

  • The modern world is dominated by interconnected and complex functioning frameworks. Most of these frameworks are connected through some form of internet or remote network, therefore, they are a prime target of cybersecurity attacks and risks. These cybersecurity risks and vulnerabilities carry an exponential level of threat to not only big companies and governments but also to the health, safety, privacy, and overall quality of life of the ordinary citizen/consumer.
  • As the sophistication of various networks, systems, and processes increases, the quality of cyber attacks and their associated risks have also increased proportionally. Therefore, it is of utmost importance to address these security risks.

Understanding the Purpose of the NIST Cyber Security Framework

  • Organizations must be systematically resilient to face security weaknesses and vulnerabilities to minimize the magnitude of a cyber attack. For this purpose, certain procedures, processes, and frameworks are developed to protect against such cyber threats. NIST Cyber Security Framework is one of those systems developed for this purpose.
  • It is a legal and moral obligation to protect the health, safety, security, and privacy of all stakeholders, therefore, it is important to have measures to protect the critical infrastructure of the organization.
  • Unlike some other frameworks, NIST does not take a one-size-fits-all approach. Instead, it opts for a more dynamic approach to cybersecurity. Practically all organizations have different risks, different threats, and different vulnerabilities and as a result, a unique perspective to address the cybersecurity risk requirements and management. Therefore, it is up to the organization to pick the appropriate NIST Framework to safeguard the critical infrastructure under their control.
  • To maximize the impact of the money that the organization spends on cybersecurity investments, they are free to customize the practices and prescriptions entirely to their liking.
See also  Free Machine learning Crash Courses

Scope of NIST Cyber Security Framework

NIST is developed for any organizations that use sophisticated technologies including but not limited to Information Technology, the Internet of Things, cyber-physical systems, and industrial control systems to achieve the required objectives.

The NIST Cyber Security Framework consists of five core sets of cybersecurity risk management functions that are common across various other frameworks and can operate concurrently; Identify your Context, Protect your Assets, Detect your Anomalies, Respond to Incidents, and Recover from Incidents.

Context to NIST Cyber security Framework core

These core functions provide the backbone for NIST Framework and every other element is built around them. These functions are divided into Activities that further break into tasks, which when in action are referred to as:

Outcomes Tasks.

These actions are useful to address the Current Profile and Desired/Target Profile of the cybersecurity status of the organization and to fix the gaps in cybersecurity.

The Reason for Different Implementation Tiers

NIST is designed with flexibility in mind since it’s likely that not every organization has the same use of its framework. The framework must account for the vulnerabilities and risks specific to a particular organization and be molded according to those quirks. Bigger organizations likely have other security measures that overlap with the NIST Framework and smaller organizations likely have fewer security measures due to the low potential of data breaches. It is for this reason that NIST has different Implementation Tiers that may suit different organizations.

The four implementation tiers of NIST are:

 Partial (Tier 1)

 Risk Informed (Tier 2)

 Repeatable (Tier 3)

 Adaptive (Tier 4)

Objectives and Feasibility

Implementation of tiers is independent of the size or maturity level of a company. The end goal is to make sure that the framework achieves the objectives of the organization and is feasible to implement.

See also  Data Science Foundations With Free Certificate

Introduction

Cybersecurity risks are one of the biggest risks that can affect any organization. Therefore, the components of NIST have developed under the influence of industry best practices. This ensures that the organization’s information is safeguarded and any cybersecurity risks are managed and 

promptly taken care of.

Component of NIST Framework

NIST Framework consists of three main components. These components work in cooperation to assist organizations in making a viable strategy for their cybersecurity risks. The components are:

 Framework Core

 Implementation Tiers

 Profiles

Framework Core provides a set of activities and functions which are considered achievable. It is divided into categories and has comprehensive references.  The core is designed to enable cross-communication between technical and non-technical teams and is divided into three parts: Functions, Categories, and Subcategories. 

The functions are divided into 5 parts: Identity, Protect, Detect, Respond, and Recover. These functions are flexible enough to not only be implemented for cybersecurity risks but risk management in general. Categories are at a lower level and are split among the five functions.

Brief Description of categories and sub-categories

  • Although the categories are not very detailed, they are intended to cover all operations of an organization’s cybersecurity management across cyber and physical space with a focus on business outcomes.
    • Furthermore, an additional 108 Subcategories are also the lowest level of The Framework Core. These Subcategories are objective-driven which means that the only thing the organization is free to implement is any process, controls, or management systems to reach the required level. The organization is also free to use any or none of these Subcategories.

Function Categories

Identify • Asset Management (ID.AM)

• Business Environment (ID.BE)

• Governance (ID.GV)

• Risk Assessment (ID.RA)

• Risk Management Strategy (ID.RM)

• Supply Chain Risk Management (ID.SC)

Protect • Identity Management and Access Control (PR.AC)

• Awareness and Training (PR.AT)

• Awareness and Training (PR.AT)

• Information Protection Processes and Procedures (PR.IP)

• Maintenance (PR.MA)

• Protective Technology (PR.PT)

NIST Framework Core – Detect (DE)
  • Category Identifier   Category Description
  • DE.AE Anomalies and Events: The organization must register any anomalies detected and assess them until they are fully understood.
  • DE.CM Security Continuous Monitoring: The information systems must be monitored to identify any cybersecurity events and to verify the effectiveness of their protection.
  • DE.DP Detection Processes: Detection processes are implemented and tested for anomalous events.
See also  Advanced Learning Algorithms
Lesson Summary
  • The modern world is dominated by interconnected and complex functioning frameworks. Since most of the frameworks are connected via the internet or network, therefore, these are the Prime Targets of cybersecurity attacks and risks. These cybersecurity risks and vulnerabilities carry an exponential threat to big companies and governments but also the health, safety, privacy, and the overall quality of life of the ordinary citizen/consumer.
  • With the advancement of various networks, systems, and processes, there is an increased risk of the quality of cyberattacks. Similarly, the risks associated with these attacks have increased proportionally. Therefore, it is of utmost importance to address these security risks.
  • It is a legal and moral obligation to protect the health, safety, security, and privacy of all stakeholders. Organizations have to take measures to protect the critical infrastructure of the organization.
  • To maximize the impact of the money that the organization spends on cybersecurity investments. They can adopt cybersecurity measures as per their business needs and context.
  • NIST is developed for organizations that use sophisticated technologies including but not limited to Information Technology, Internet of Things, cyber-physical systems, and industrial control systems to achieve the required objectives.
  • The NIST Cybersecurity Framework consists of five core sets of cybersecurity risk management functions. These are common across various other frameworks and can operate concurrently. These are: Identify your Context, Protect your Assets, Detect your Anomalies, Respond to Incidents, and Recover from Incidents.
  • Cybersecurity risks are one of the biggest risks that can affect any organization. Therefore, the components of NIST have developed under the influence of industry best practices.

NIST Framework consists of three main components:

• Framework Core

• Implementation Tiers

• Profiles

Framework Core provides a set of activities and outcomes which are considered desirable divided into categories and have Informative References.

The core is designed to enable cross-communication between technical and non-technical teams and is divided into three parts:

• Functions

• Categories

• Subcategories

To Know More About The Course or to join the course 

Click Here

Leave a Comment

Your email address will not be published.

Ads Blocker Image Powered by Code Help Pro
Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. Please support us by disabling these ads blocker.

Refresh