NIST Cybersecurity Framework v1.0 – Key Takeaways

The NIST Cybersecurity Framework is a risk-based approach to managing cyber security risk, and is composed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles:

1. Framework Core: The Framework Core consists of five concurrent and continuous Functions: Identify, Protect, Detect, Respond and Recover.

Cybersecurity Framework launched


2. Framework Implementation Tiers: They provide context on how an organization views cyber security risk and the processes in place to manage that risk.

The Tiers characterize an organization’s practices over a range, from Tier 1: Partial, through Tier 2: Risk Informed and Tier 3: Repeatable, to Tier 4: Adaptive.

3. Framework Profile: It represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories.

Profiles can be used to identify opportunities for improving cyber security posture by comparing a “Current” Profile (the “as is” state) with a “Target” Profile (the “to be” state).

Overall, it is a comprehensive and living framework. It will change along with the changing risk and regulatory environments. It brings in best practices from standards such as ISO 27001:2013, COBIT 5, NIST SP 800-53, ISA 62443-2009, etc.

Happy Reading!

Source: http://www.nist.gov/itl/csd/launch-cybersecurity-framework-021214.cfm

Image courtesy: http://www.grantthornton.com

Deepesh Kumar

An information security risk management professional backed by knowledge of ITIL, ISO/IEC 27001 & 27002, ISO 22301, ISO 29100, CISSP, PMP, COBIT, CHFI and IS/IT Audits. Working in ANZ as a Security Consultant and CISSP, PMP, CHFI, ISO 27001 LA certified.
