
This is a sneak peak at the NIST Cybersecurity Framework and what its components are.
This lecture introduces the NIST Cybersecurity Framework and its components.
This lecture discusses the Normative References and which these are as well as how they are integrated into the NIST CSF.
We go into details of the categories and sub categories of the module Identify.
We go into details of the categories and sub categories of the module Protect.
We go into details of the categories and sub categories of the module Detect.
We go into details of the categories and sub categories of the module Respond.
We go into details of the categories and sub categories of the module Recovery.
We go into details of implementing The NIST CSF in a project and what best practices, challenges and steps are needed from the view of the Framework.
Here are additional documents like the framework xls and the NIST CSF framework document.
Understanding what the NIST Cybersecurity Framework is helps us to decide whether it’s the right framework for us. If we look at what NIST says the CSF is we read the following:
Building from those standards, guidelines, and practices, the Framework provides a common taxonomy and mechanism for organizations to:
1. Describe their current cybersecurity posture;
2. Describe their target state for cybersecurity;
3. Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process;
4. Assess progress toward the target state;
5. Communicate among internal and external stakeholders about cybersecurity risk.
The Framework is not a one-size-fits-all approach to managing cybersecurity risk for critical infrastructure. Organizations will continue to have unique risks – different threats, different vulnerabilities, different risk tolerances. They also will vary in how they customize practices described in the Framework. Organizations can determine activities that are important to critical service delivery and can prioritize investments to maximize the impact of each dollar spent. Ultimately, the Framework is aimed at reducing and better managing cybersecurity risks.
This course will focus on the 5 Areas, Categories and Sub Categories of each area, we then work our way through the whole framework to then discuss the Pros and Cons of the CSF and how to implement it in a project at your company or for your company / team / department.