Question

The NIST framework core is meant to be generally applicable. However, organizations have varying security needs depending on their industry, information systems, data assets, etc. How may an organization account for their individual needs when applying the NIST framework?

Solutions

Expert Solution

An organization can easily account for its needs using the NIST framework. It can be done by understanding this framework completely. It is a set of cybersecurity activities. It offers various functions and tiers for implementation.

An organization can use this five-step process when deciding on using the NIST framework:

1. Identify the environment:

The organization needs to understand the type of environment in place in the organization. It can be helpful while managing system risks, data, assets, capabilities, etc. Digital as well as physical assets should be fully visible along with their interconnections. Such understanding can help in putting the right type of policies as well as procedures into place.

2. Protection and safety tips:

Potential cybersecurity measures should be in place. The organization should also control any kind of access to assets of the organization. This can be done by offering training to the staff. This will help in establishing baseline configuration in the network.

3. Detection of potential risks:

Potential risks should be detected quickly. This can be achieved when there is network visibility and cyber incidents are easily anticipated. Regular monitoring can help in understanding different ways in which the network will be configured for the proper analysis.

4. Responding to the incidents:

A response plan should be in place. This helps in understanding the NIST framework configuration as well as other communication lines. The response strategies will help in the learning of NIST operations that can be used on time.

5. Recovery:

After all is set, there comes the need to implement effective activities. This is included in the cyber security recovery plan. The plan activities can then be coordinated with NIST functions.

