NIST Cybersecurity Framework: A pocket guide
()
About this ebook
This pocket guide serves as an introduction to the National Institute of Standards and Technology (NIST) and to its Cybersecurity Framework (CSF).
Now more than ever, organizations need to have a strong and flexible cybersecurity strategy in place in order to both protect themselves and be able to continue business in the event of a successful attack.
The NIST CSF is a framework for organizations to manage and mitigate cybersecurity risk based on existing standards, guidelines, and practices.
With this pocket guide you can:
- Adapt the CSF for organizations of any size to implement
- Establish an entirely new cybersecurity program, improve an existing one, or simply provide an opportunity to review your cybersecurity practices
- Break down the CSF and understand how other frameworks, such as ISO 27001 and ISO 22301, can integrate into your cybersecurity framework
By implementing the CSF in accordance with their needs, organizations can manage cybersecurity risks in the most cost-effective way possible, maximizing the return on investment in the organization’s security. This pocket guide also aims to help you take a structured, sensible, risk-based approach to cybersecurity.
Alan Calder
Alan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru. He has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.
Read more from Alan Calder
ISO/IEC 38500: The IT Governance Standard Rating: 5 out of 5 stars5/5Information Security Risk Management for ISO 27001/ISO 27002, third edition Rating: 4 out of 5 stars4/5IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT Rating: 4 out of 5 stars4/5Information Security Risk Management for ISO27001/ISO27002 Rating: 4 out of 5 stars4/5ISO 27001/ISO 27002: A guide to information security management systems Rating: 0 out of 5 stars0 ratingsRisk Assessment for Asset Owners Rating: 4 out of 5 stars4/5PCI DSS: A pocket guide, sixth edition Rating: 0 out of 5 stars0 ratingsIT Governance: A Pocket Guide Rating: 3 out of 5 stars3/5The Case for ISO27001:2013 Rating: 1 out of 5 stars1/5Cyber Essentials: A Pocket Guide Rating: 5 out of 5 stars5/5EU GDPR - A pocket guide, second edition Rating: 0 out of 5 stars0 ratingsPCI DSS: A Pocket Guide Rating: 2 out of 5 stars2/5PCI DSS: A Pocket Guide, fourth edition Rating: 0 out of 5 stars0 ratingsCyber Essentials: A guide to the Cyber Essentials and Cyber Essentials Plus certifications Rating: 0 out of 5 stars0 ratingsSelling Information Security to the Board: A Primer Rating: 0 out of 5 stars0 ratingsNine Steps to Success: North American edition: An ISO 27001 Implementation Overview Rating: 0 out of 5 stars0 ratingsA concise introduction to the NIS Directive: A pocket guide for digital service providers Rating: 0 out of 5 stars0 ratingsNetwork and Information Systems (NIS) Regulations - A pocket guide for operators of essential services Rating: 0 out of 5 stars0 ratingsThe EU Data Protection Code of Conduct for Cloud Service Providers: A guide to compliance Rating: 0 out of 5 stars0 ratingsIT Regulatory Compliance in the UK Rating: 0 out of 5 stars0 ratingsIT Governance Critical Issues Series: Cyber Security Rating: 0 out of 5 stars0 ratingsThe Green Office: A Business Guide Rating: 0 out of 5 stars0 ratingsCompliance for Green IT: A Pocket Guide Rating: 5 out of 5 stars5/5PCI DSS: A Pocket Guide - 3rd edition Rating: 0 out of 5 stars0 ratingsNetwork and Information Systems (NIS) Regulations - A pocket guide for digital service providers Rating: 0 out of 5 stars0 ratings
Related to NIST Cybersecurity Framework
Related ebooks
Landscape of Cybersecurity Threats and Forensic Inquiry Rating: 0 out of 5 stars0 ratingsThe Information Systems Security Officer's Guide: Establishing and Managing a Cyber Security Program Rating: 0 out of 5 stars0 ratingsCyber Security: Essential principles to secure your organisation Rating: 0 out of 5 stars0 ratingsThe Cybersecurity Maturity Model Certification (CMMC) – A pocket guide Rating: 0 out of 5 stars0 ratingsCyber Essentials: A Pocket Guide Rating: 5 out of 5 stars5/5FISMA and the Risk Management Framework: The New Practice of Federal Cyber Security Rating: 0 out of 5 stars0 ratingsCyber Security Consultants Playbook Rating: 0 out of 5 stars0 ratingsCybersecurity: The Hacker Proof Guide To Cybersecurity, Internet Safety, Cybercrime, & Preventing Attacks Rating: 0 out of 5 stars0 ratingsManaging Cybersecurity Risk: How Directors and Corporate Officers Can Protect their Businesses Rating: 5 out of 5 stars5/5Building a Practical Information Security Program Rating: 5 out of 5 stars5/5Cybersecurity Jobs & Career Paths: Find Cybersecurity Jobs, #2 Rating: 0 out of 5 stars0 ratingsThe Cybersecurity Mindset: A Virtual and Transformational Thinking Mode Rating: 0 out of 5 stars0 ratingsThe Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks Rating: 0 out of 5 stars0 ratingsThe Little Book of Cybersecurity Rating: 0 out of 5 stars0 ratingsCybersecurity and Infrastructure Protection Rating: 0 out of 5 stars0 ratingsCybersecurity for Beginners : Learn the Fundamentals of Cybersecurity in an Easy, Step-by-Step Guide: 1 Rating: 0 out of 5 stars0 ratingsAuthorizing Official Handbook: for Risk Management Framework (RMF) Rating: 0 out of 5 stars0 ratingsIT Security Concepts Rating: 5 out of 5 stars5/5(ISC)2 CCSP Certified Cloud Security Professional Official Study Guide Rating: 0 out of 5 stars0 ratingsThe Five Anchors of Cyber Resilience: Why some enterprises are hacked into bankruptcy, while others easily bounce back Rating: 0 out of 5 stars0 ratingsCSA Guide to Cloud Computing: Implementing Cloud Privacy and Security Rating: 0 out of 5 stars0 ratingsThe Case for ISO27001:2013 Rating: 1 out of 5 stars1/5Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners Rating: 4 out of 5 stars4/5Computer Incident Response and Forensics Team Management: Conducting a Successful Incident Response Rating: 4 out of 5 stars4/5Cloud Storage Security: A Practical Guide Rating: 5 out of 5 stars5/5The Ransomware Threat Landscape: Prepare for, recognise and survive ransomware attacks Rating: 0 out of 5 stars0 ratingsNetwork and Information Systems (NIS) Regulations - A pocket guide for operators of essential services Rating: 0 out of 5 stars0 ratings8 Steps to Better Security: A Simple Cyber Resilience Guide for Business Rating: 0 out of 5 stars0 ratingsBuilding Effective Cybersecurity Programs: A Security Manager’s Handbook Rating: 4 out of 5 stars4/5NIST Cybersecurity Framework A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratings
Computers For You
Deep Search: How to Explore the Internet More Effectively Rating: 5 out of 5 stars5/5SQL QuickStart Guide: The Simplified Beginner's Guide to Managing, Analyzing, and Manipulating Data With SQL Rating: 4 out of 5 stars4/5Mastering ChatGPT: 21 Prompts Templates for Effortless Writing Rating: 5 out of 5 stars5/5How to Create Cpn Numbers the Right way: A Step by Step Guide to Creating cpn Numbers Legally Rating: 4 out of 5 stars4/5Network+ Study Guide & Practice Exams Rating: 4 out of 5 stars4/5Procreate for Beginners: Introduction to Procreate for Drawing and Illustrating on the iPad Rating: 0 out of 5 stars0 ratingsThe ChatGPT Millionaire Handbook: Make Money Online With the Power of AI Technology Rating: 0 out of 5 stars0 ratings101 Awesome Builds: Minecraft® Secrets from the World's Greatest Crafters Rating: 4 out of 5 stars4/5Creating Online Courses with ChatGPT | A Step-by-Step Guide with Prompt Templates Rating: 4 out of 5 stars4/5Ultimate Guide to Mastering Command Blocks!: Minecraft Keys to Unlocking Secret Commands Rating: 5 out of 5 stars5/5AP Computer Science Principles Premium, 2024: 6 Practice Tests + Comprehensive Review + Online Practice Rating: 0 out of 5 stars0 ratingsCompTIA Security+ Practice Questions Rating: 2 out of 5 stars2/5Grokking Algorithms: An illustrated guide for programmers and other curious people Rating: 4 out of 5 stars4/5Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Rating: 4 out of 5 stars4/5CompTIA IT Fundamentals (ITF+) Study Guide: Exam FC0-U61 Rating: 0 out of 5 stars0 ratingsChildhood Unplugged: Practical Advice to Get Kids Off Screens and Find Balance Rating: 0 out of 5 stars0 ratingsChatGPT Ultimate User Guide - How to Make Money Online Faster and More Precise Using AI Technology Rating: 0 out of 5 stars0 ratingsPractical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5Elon Musk Rating: 4 out of 5 stars4/5Dark Aeon: Transhumanism and the War Against Humanity Rating: 5 out of 5 stars5/5The Professional Voiceover Handbook: Voiceover training, #1 Rating: 5 out of 5 stars5/5Master Builder Roblox: The Essential Guide Rating: 4 out of 5 stars4/5Hacking: Ultimate Beginner's Guide for Computer Hacking in 2018 and Beyond: Hacking in 2018, #1 Rating: 4 out of 5 stars4/5
Reviews for NIST Cybersecurity Framework
0 ratings0 reviews
Book preview
NIST Cybersecurity Framework - Alan Calder
reading
INTRODUCTION
Cybersecurity is becoming an ever more important facet of business, especially for organizations that operate infrastructure and essential services. There are 16 critical infrastructure sectors in the U.S. which provide physical and digital services that the national and economic security of the nation depends on.¹ If any harm were to come to them, revenue could suffer, costs would be driven up, and it could even place public safety and health at risk, in addition to the U.S. security and economy.
The U.S. Department of Homeland Security (DHS) lists the following critical infrastructure sectors:
•Chemical
•Commercial facilities
•Communications
•Critical manufacturing
•Dams
•Defense industrial base
•Emergency services
•Energy
•Financial services
•Food and agriculture
•Government facilities
•Health care and public health
•Information technology (IT)
•Nuclear reactors, materials, and waste
•Transportation systems
•Water and wastewater systems
The growing digital ecosystem
These sectors increasingly depend on IT and industrial control systems (ICS). ICS are now an integral part of a number of industries, and are implemented where human control would either be inadequate or incapable. This includes processes like power plant switches, light controls and warning signs in traffic systems, air traffic control, and the handling of materials. ICS are increasingly integrating with IT networks, not to mention that many other functions within critical infrastructure are at least partly reliant on IT.
The reliability of the U.S. critical infrastructure sectors is vital to maintaining the American way of life. These IT and ICS dependencies, however, provide an ever-growing attack surface for cyber criminals, which threatens that reliability. This is in addition to the rising number of cyber attacks – most notably conducted by Russia, China, North Korea, and Iran.²
Such attacks attempt to exploit vulnerabilities at any point in the organization, whether through social engineering, viruses and malware, network- and application-layer attacks, or any of the myriad of other methods. They typically target either software and networks that drive critical business functions and/or control systems that operate physical processes. Examples of each are respectively client databases and railroad switches. The substantial damages, resulting from fines, lawsuits, lost turnover, and damaged intellectual property, have both financial and reputational impacts.
Federal responses
In response to the rising number of threats, President Obama issued Executive Order 13636 (EO) titled Improving Critical Infrastructure Cybersecurity
in February 2013. The EO called for a voluntary, risk-based cybersecurity framework to be developed, outlining best practice for critical infrastructure sectors to manage their cybersecurity risks effectively. The result of this initiative was Version 1.0 of the Framework for Improving Critical Infrastructure Cybersecurity
(CSF), which was developed in collaboration with industry, and published by the National Institute of Standards and Technology (NIST) in February 2014.
This first CSF was superseded by Version 1.1 in April 2018,³ which was formalized and partly evolved on the basis of the Cybersecurity Enhancement Act of 2014 (CEA), passed in December 2014, calling for a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls that may be voluntarily adopted by owners and operators of critical infrastructure to help them identify, assess, and manage cyber risks
. This pocket guide will focus on the NIST CSF and discuss it in more detail.
Another federal response to the rising number of threats was the President’s National Infrastructure Advisory Council (NIAC) report dating back to August 2017.⁴ This report made 11 recommendations regarding the cybersecurity of critical infrastructure. While many of them require a certain degree of collaboration within each sector, there are some recommendations that individual organizations could completely or mostly implement themselves. These are:
•Establishing separate, secure communications networks
•Identifying and implementing scanning tools and assessment practices
•Establishing policies to quickly declassify cyber threat information
•Optimizing the cybersecurity governance approach