NIST Cybersecurity Framework
A pocket guide
By (author) Alan Calder
Publication date: 20 Sep 2018
This pocket guide serves as an introduction to the National Institute of Standards and Technology (NIST) and to its Cybersecurity Framework (CSF).
Now more than ever, organizations need to have a strong and flexible cybersecurity strategy in place in order to both protect themselves and be able to continue business in the event of a successful attack.
The NIST CSF is a framework for organizations to manage and mitigate cybersecurity risk based on existing standards, guidelines, and practices.
With this pocket guide you can:
- Adapt the CSF for organizations of any size to implement
- Establish an entirely new cybersecurity program, improve an existing one, or simply provide an opportunity to review your cybersecurity practices
- Break down the CSF and understand how other frameworks, such as ISO 27001 and ISO 22301, can integrate into your cybersecurity framework
By implementing the CSF in accordance with their needs, organizations can manage cybersecurity risks in the most cost-effective way possible, maximizing the return on investment in the organization’s security. This pocket guide also aims to help you take a structured, sensible, risk-based approach to cybersecurity.
Alan Calder is an acknowledged international cyber security guru and a leading author on information security and IT governance issues.
Alan co-wrote (with Steve Watkins) the definitive compliance guide, IT Governance: An International Guide to Data Security and ISO27001/ISO27002 (now in its sixth edition), which is the basis for the UK Open University’s postgraduate course on information security. This work draws on his experience leading the world’s first successful implementation of BS 7799 (now ISO 27001).
Alan has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ).
Alan has consulted for clients in the UK and abroad, and is a regular media commentator and speaker.
Dimensions: 165x95mm
82 pages
Imprint: ITGP
Introduction
The growing digital ecosystem
Federal responses
Past cyber incidents
The NIST Cybersecurity Framework
1: Aims of the Framework
Relevant factors and variables
Implementation benefits
Structure
2: Framework core
Functions
Identify
Protect, detect, and respond
Recover
Categories
Subcategories
Informative references
ISO 27001
COBIT
NIST SP 800-53
ISA 62443
CIS CSC
How the core elements interact
Implementation – risk management
Methodologies
Risk responses
NIST’s Risk Management Framework
3: Framework profiles
Current profile
Target profile
How the two profiles interact
4: Framework implementation tiers
How to view the tiers
Risk management aspects
Risk management processes
Integrated risk management program
External participation
Tier 1: Partial
Tier 2: Risk-informed
Tier 3: Repeatable
Tier 4: Adaptive
How the tiers, profiles, and core interact
5: Implementing the Framework
Step 1: Determine objectives, priorities, and scope
Step 2: Identify assets and risks
Step 3: Create a current profile
Step 4: Conduct a risk assessment
Step 5: Create a target profile
Step 6: Perform a gap analysis
Step 7: Implement the action plan
Continual improvement
Decision-making and implementation responsibilities
6: Alignment with other frameworks
ISO 27001
ISO 22301
Combining ISO 27001 and ISO 22301
Appendix: Key changes from Version 1.0 to 1.1
Glossary
Further reading