The NIST Cybersecurity Framework is a risk-based approach to managing cybersecurity risk, and is composed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles:
1. Framework Core: The Framework Core consists of five concurrent and continuous Functions: Identify, Protect, Detect, Respond and Recover.
2. Framework Implementation Tiers: They provide context on how an organization views cybersecurity risk and the processes it has in place to manage that risk. The Tiers characterize an organization's practices over a range, from Tier 1: Partial, Tier 2: Risk Informed and Tier 3: Repeatable, up to Tier 4: Adaptive.
3. Framework Profile: It represents the outcomes, based on business needs, that an organization has selected from the Framework Categories and Subcategories. Profiles can be used to identify opportunities for improving cybersecurity posture by comparing a "Current" Profile (the "as is" state) with a "Target" Profile (the "to be" state).
Overall, it is a comprehensive and living framework. It will change along with the changing risk and regulatory environments. It brings in best practices from standards such as ISO 27001:2013, COBIT 5, NIST SP 800-53 and ISA 62443-2009.
Happy Reading!
Image courtesy : GT
Now some good news for people who want to learn how to implement the NIST Cybersecurity Framework: ISACA has announced a new 2-day course, Implementing NIST Cybersecurity Framework Using COBIT 5 (www.isaca.org/NISTCSF).