The NIST cyber security Framework is a risk-based approach to managing cyber security risk, and is composed of three parts: The Framework Core, the Framework Implementation Tiers, and the Framework Profiles :
1. Framework Core : The Framework Core consists of five concurrent and continuous Functions—Identify, Protect, Detect, Respond and Recover.
2. Framework Implementation Tiers : It provide context on how an organization views cyber security risk and the processes in place to manage that risk..Framework Core : The Framework Core consists of five concurrent and continuous Functions—Identify, Protect, Detect, Respond and Recover.
The Tiers characterize an organization’s practices over a range , from
Tier 1 : Partial , Tier 2 : Risk Informed , Tier 3 : Repeatable & Tier 4 : Adaptive
3. Framework Profile : It represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories
Profiles can be used to identify opportunities for improving cyber security posture by comparing a “Current” Profile (the “as is” state) with a “Target” Profile (the “to be” state).
Overall , Its a comprehensive and living framework. It will change along with the changing Risk and regulatory environments. It brings in Best Practices from ISO 27001:2013,COBIT 5 , NIST SP 800-53,ISA 62443-2009 etc. standards..
Happy Reading !
Image courtesy : http://www.grantthornton.com