Research On NIST Framework

The document discusses cybersecurity standards for organizations. It outlines several standardization bodies that create cybersecurity standards including NIST, ISO, and ETSI. It then provides details on NIST's cybersecurity framework, including its core functions of identify, protect, detect, respond, and recover.


Research on Cybersecurity standards for organization

September 28, 2020

Introduction

According to the Infosec Institute, "Standardization bodies are organizations that exist
specifically for developing, coordinating, promoting and interpreting technical standards".
There are several standardization bodies around the globe that develop standards in
the domain of information security. Some of them are listed below:

1. National Institute of Standards and Technology (NIST)
2. ISO/IEC JTC 1
3. National Initiative for Cybersecurity Education
4. European Telecommunications Standards Institute (ETSI)
5. International Society of Automation
6. Payment Card Industry Security Standards Council
7. ANSI-ASQ National Accreditation Board
8. International Telecommunication Union
9. CENELEC
10. National Cybersecurity Center of Excellence

1. The International Organization for Standardization (ISO)

ISO (International Organization for Standardization) is an independent, non-governmental
organization which develops standards to ensure the quality, safety and efficiency of
products, services and systems (Wilber, 2020). The ISO 27000 family consists of
information security standards published by ISO and IEC. It provides recommendations
on information security management systems (ISMS) and also addresses information
risks and their effective control (ISO.ORG, 2020).

2. The National Institute of Standards and Technology (NIST)

Every organization must balance the rapidly evolving cyber threat landscape against
the need to fulfill business objectives. NIST provides a framework that aligns with
industry standards and provides best practices to help those organizations manage
their cybersecurity risks. NIST claims that around 7 out of every 10 security
professionals and IT experts agree that the framework provided by NIST.

Figure 1: NIST Survey


2.1. NIST Framework

Version 1.1 of the Cybersecurity Framework refines, clarifies, and enhances version 1.0,
which was issued in February 2014. Version 1.1 was issued on April 16, 2018 by the
National Institute of Standards and Technology.

The NIST framework is a risk-based approach to managing cybersecurity risk and is
composed of three parts: the framework core, the framework implementation tiers and
the framework profiles.

2.1.1 Framework Core:

The framework core is a set of cybersecurity activities, desired outcomes, and applicable
references that are common across critical infrastructure. It provides guidance, practices
and standards that allow communication from the executive level to the implementation
level. The core consists of five major functions, i.e. Identify, Protect, Detect, Respond
and Recover.

➢ Identify

Activities done in this function are the foundation for effective use of the framework:
identifying the business context, the resources that support critical functions, and the
related cybersecurity risks together with the risk management strategy. It is further
categorized as: Asset Management, Business Environment, Governance, Risk Assessment
and Risk Management Strategy.

➢ Protect

This function includes the development and implementation of appropriate safeguards to
ensure delivery of critical services. Some of the examples are: Identity Management and
Access Control; Awareness and Training; Data Security; Information Protection
Processes and Procedures; Maintenance; and Protective Technology.

➢ Detect

This function includes the development and implementation of appropriate activities to
identify the occurrence of cybersecurity events. Examples are: Anomalies and Events,
Security Continuous Monitoring and Detection Processes.

➢ Respond

This function includes the development and implementation of appropriate activities to
take action regarding a detected cybersecurity incident. Examples are: Response Planning,
Communications, Analysis, Mitigation and Improvements.

➢ Recover

This function includes the development and implementation of appropriate activities to
maintain plans and to restore any services that were impacted by a cybersecurity
incident. Examples are: Recovery Planning, Improvements and Communications.
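The three parts named earlier (core, implementation tiers and profiles) are used together when an organization scores each core category in a current profile and compares it against a target profile. The Python script below is an added example, not part of the original paper and not NIST's own tooling: it encodes the five functions and the categories listed above, scores each category on the 1 to 4 implementation tier scale of CSF 1.1 (Partial, Risk Informed, Repeatable, Adaptive), lists the categories whose current tier falls short of the target with the largest gap first, and names the function with the lowest average tier. The profile scores are constructed sample values, not measurements of any organization. Note that profiles are keyed by (function, category) pairs because "Communications" and "Improvements" appear under both Respond and Recover.

```python
"""NIST CSF profile gap analysis (added example; constructed sample data)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Framework Core: each function and the categories the paper lists for it.
FRAMEWORK_CORE: Dict[str, List[str]] = {
    "Identify": ["Asset Management", "Business Environment", "Governance",
                 "Risk Assessment", "Risk Management Strategy"],
    "Protect": ["Identity Management and Access Control", "Awareness and Training",
                "Data Security", "Information Protection Processes and Procedures",
                "Maintenance", "Protective Technology"],
    "Detect": ["Anomalies and Events", "Security Continuous Monitoring",
               "Detection Processes"],
    "Respond": ["Response Planning", "Communications", "Analysis",
                "Mitigation", "Improvements"],
    "Recover": ["Recovery Planning", "Improvements", "Communications"],
}

# Implementation Tiers from CSF 1.1: 1 Partial .. 4 Adaptive.
TIER_NAMES = {1: "Partial", 2: "Risk Informed", 3: "Repeatable", 4: "Adaptive"}

# A profile maps (function, category) -> tier. The key is a pair because
# "Communications" and "Improvements" appear under both Respond and Recover.
Profile = Dict[Tuple[str, str], int]


@dataclass(frozen=True)
class Gap:
    function: str
    category: str
    current: int
    target: int

    @property
    def size(self) -> int:
        return self.target - self.current


def validate_profile(profile: Profile) -> None:
    """Reject a category that is not in the core or a tier outside 1..4."""
    for (function, category), tier in profile.items():
        if category not in FRAMEWORK_CORE.get(function, []):
            raise ValueError(f"unknown category {function}/{category}")
        if tier not in TIER_NAMES:
            raise ValueError(f"tier {tier} for {function}/{category} is not 1..4")


def gap_analysis(current: Profile, target: Profile) -> List[Gap]:
    """Categories whose current tier is below the target tier, largest gap
    first. A category absent from the current profile counts as tier 1
    (Partial): nothing assessed is treated as nothing achieved."""
    validate_profile(current)
    validate_profile(target)
    gaps = [Gap(fn, cat, current.get((fn, cat), 1), want)
            for (fn, cat), want in target.items()
            if current.get((fn, cat), 1) < want]
    return sorted(gaps, key=lambda g: (-g.size, g.function, g.category))


def weakest_function(current: Profile) -> str:
    """Function with the lowest mean tier over all of its core categories
    (absent categories count as tier 1); ties go to the earlier function."""
    order = list(FRAMEWORK_CORE)
    means = {fn: sum(current.get((fn, c), 1) for c in cats) / len(cats)
             for fn, cats in FRAMEWORK_CORE.items()}
    return min(order, key=lambda fn: (means[fn], order.index(fn)))


# Constructed sample profiles (tier per category); not real measurements.
CURRENT_PROFILE: Profile = {
    ("Identify", "Asset Management"): 2,
    ("Identify", "Governance"): 3,
    ("Protect", "Identity Management and Access Control"): 3,
    ("Protect", "Data Security"): 2,
    ("Detect", "Security Continuous Monitoring"): 1,
    ("Respond", "Response Planning"): 2,
    ("Recover", "Recovery Planning"): 1,
}
TARGET_PROFILE: Profile = {
    ("Identify", "Asset Management"): 3,
    ("Identify", "Governance"): 3,
    ("Protect", "Identity Management and Access Control"): 4,
    ("Protect", "Data Security"): 3,
    ("Detect", "Security Continuous Monitoring"): 3,
    ("Detect", "Detection Processes"): 2,
    ("Respond", "Response Planning"): 3,
    ("Respond", "Communications"): 3,
    ("Recover", "Recovery Planning"): 3,
}


def format_report(gaps: List[Gap]) -> str:
    """One line per gap, e.g. 'Detect/Detection Processes: Partial -> Risk Informed (gap 1)'."""
    return "\n".join(f"{g.function}/{g.category}: {TIER_NAMES[g.current]} -> "
                     f"{TIER_NAMES[g.target]} (gap {g.size})" for g in gaps)


if __name__ == "__main__":
    print(format_report(gap_analysis(CURRENT_PROFILE, TARGET_PROFILE)))
    print("weakest function:", weakest_function(CURRENT_PROFILE))
```

Treating an unscored category as tier 1 is a deliberate choice: a category nobody has assessed should surface in the gap list rather than silently pass, which is why the sample run ranks Recover and Respond/Communications alongside the explicitly weak Detect category.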

Why use the NIST framework?

➢ It helps in guiding the various levels of an organization, from senior executives to the
business and process level, and to implementation and operations as well.
➢ It is extremely versatile.
➢ This framework can be customized for use by any type of organization.
