Laws and regulations

Introduction to the NIST CyberSecurity Framewor for a Landscape of Cyber Menaces

The implementation of the NIST CyberSecurity Framework is of vital importance for the changes taking place in the landscape of zero-day threats

The NIST CyberSecurity Framework is a guide for businesses and enterprises of good practices for information security. The NIST CyberSecurity Framework proposes a guide, which can adapt to each enterprise e for different needs.

The framework gives enterprises and businesses the possibility of applying the principles and the best practices of risk management to upgrade security and resilience of critical infrastructure. It provides organization and structure for the different insights of our time, with the best practices already adopted across the industry.

The Framework is an approach based on risk to manage cyber security risks and is composed of three parts: Framework Core, Framework Implementation Tiers, and Framework Profiles. Each part of the component of the Framework enforces the connection between business owners and the activities of cyber security.

In its composition, the Framework Core has five concurrent functions and continuous: Identity, Protect, Detect, Respond and Recover.

When placed together these functions give a strategic approach to the high level of the life cycle of risk management for cyber security of an organization. The Framework Implementation Tiers gives the context in which an organization understands the risk of cyber security and the processes established to manage that risk.

The Framework Profile can be defined as an alignment of patterns, guides, and practices of the Framework Core in a particular scenario of implementation. The Framework Profile can be used to identify opportunities for improving cyber security posture by comparing the actual Profile (“how it is”) with the target Profile (“how it will be”).

By being adaptive, the NIST CyberSecurity Framework can detect and respond to the new threats that appear from out of the thin air. This includes ransomware, IoT hacking and other new types of malware.  The Risk Management is treated as an ongoing process to identify, assess and respond to risk. To manage risk it is proposed that organizations must understand the probability of occurrence of an event and the impact resulting from it.

This information gives organizations the capability of determining the acceptable risk level for delivering services, which is expressed by its risk tolerance. This understanding gives organizations the capacity of prioritizing the cyber security activities.  It is important to adapt so organizations can respond. The NIST CyberSecurity Framework is available for small business, critical infrastructure services and organizations.

As cloud, big data and analytics reach a new level so does the possibility of damages for the health care, power grid, IoT and businesses. The Framework is elaborated in the form of Tier to cover all aspects of information security covering assets and employees best practices. This approach gives organizations the ability to isolate threats, in such way that detection and mitigation do not affect other assets of the organization.

Source:

https://gcn.com/articles/2017/03/31/cybersecurity-framework-revisions.aspx

nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf

http://csrc.nist.gov/groups/SMA/fisma/sp800-53r5_pre-draft.html

http://www.govinfosecurity.com/groups-say-nist-must-better-address-healthcares-cyber-needs-a-9841

http://www.nextgov.com/cybersecurity/2017/04/bill-improve-small-business-cybersecurity-advances/136750/

http://blog.executivebiz.com/2017/04/tech-firms-urge-nist-to-include-vulnerability-disclosure-processes-in-cybersecurity-framework/

http://www.govinfosecurity.com/groups-say-nist-must-better-address-healthcares-cyber-needs-a-9841

https://www.nist.gov/news-events/news/2014/10/nist-releases-final-version-smart-grid-framework-update-30

https://www.nist.gov/itl/ssd/systems-interoperability-group/health-it-testing-infrastructure

About the author Luis Nakamoto

Luis Nakamoto is a Computer Science student of Cryptology and a enthusiastic of information security having participated in groups like Comissão Especial de Direito Digital e Compliance (OAB/SP) and CCBS (Consciência Cibernética Brasil) as a researcher in new technologies related to ethical hacking, forensics and reverse engineering. Also a prolific and compulsive writer participating as a Redactor to Portal Tic from Sebrae Nacional.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – NIST CyberSecurity Framework, critical infrastructure)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

4 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

10 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

22 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

1 day ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

This website uses cookies.