NIST Cybersecurity Framework

A pocket guide

By (author) Alan Calder

Publication date: 20 Sep 2018

This pocket guide serves as an introduction to the National Institute of Standards and Technology (NIST) and to its Cybersecurity Framework (CSF).

Now more than ever, organizations need to have a strong and flexible cybersecurity strategy in place in order to both protect themselves and be able to continue business in the event of a successful attack.

The NIST CSF is a framework for organizations to manage and mitigate cybersecurity risk based on existing standards, guidelines, and practices.

With this pocket guide you can:

  • Adapt the CSF for organizations of any size to implement
  • Establish an entirely new cybersecurity program, improve an existing one, or simply provide an opportunity to review your cybersecurity practices
  • Break down the CSF and understand how other frameworks, such as ISO 27001 and ISO 22301, can integrate into your cybersecurity framework

By implementing the CSF in accordance with their needs, organizations can manage cybersecurity risks in the most cost-effective way possible, maximizing the return on investment in the organization’s security. This pocket guide also aims to help you take a structured, sensible, risk-based approach to cybersecurity.


Alan Calder is an acknowledged international cyber security guru and a leading author on information security and IT governance issues.

Alan co-wrote (with Steve Watkins) the definitive compliance guide, IT Governance: An International Guide to Data Security and ISO27001/ISO27002 (now in its sixth edition), which is the basis for the UK Open University’s postgraduate course on information security. This work draws on his experience leading the world’s first successful implementation of BS 7799 (now ISO 27001).

Alan has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ).

Alan has consulted for clients in the UK and abroad, and is a regular media commentator and speaker.

Dimensions: 165x95mm

82 pages

Imprint: ITGP

Introduction
  The growing digital ecosystem
  Federal responses
  Past cyber incidents
  The NIST Cybersecurity Framework

1: Aims of the Framework
  Relevant factors and variables
  Implementation benefits
  Structure

2: Framework core
  Functions
  Identify
  Protect, detect, and respond
  Recover
  Categories
  Subcategories
  Informative references
  ISO 27001
  COBIT
  NIST SP 800-53
  ISA 62443
  CIS CSC
  How the core elements interact
  Implementation – risk management
  Methodologies
  Risk responses
  NIST’s Risk Management Framework

3: Framework profiles
  Current profile
  Target profile
  How the two profiles interact

4: Framework implementation tiers
  How to view the tiers
  Risk management aspects
  Risk management processes
  Integrated risk management program
  External participation
  Tier 1: Partial
  Tier 2: Risk-informed
  Tier 3: Repeatable
  Tier 4: Adaptive
  How the tiers, profiles, and core interact

5: Implementing the Framework
  Step 1: Determine objectives, priorities, and scope
  Step 2: Identify assets and risks
  Step 3: Create a current profile
  Step 4: Conduct a risk assessment
  Step 5: Create a target profile
  Step 6: Perform a gap analysis
  Step 7: Implement the action plan
  Continual improvement
  Decision-making and implementation responsibilities

6: Alignment with other frameworks
  ISO 27001
  ISO 22301
  Combining ISO 27001 and ISO 22301

Appendix: Key changes from Version 1.0 to 1.1

Glossary

Further reading