Question

What is the NIST "Framework for Improving Critical Infrastructure Cybersecurity" and how does it relate to our Textbook Chapter 4 content? Also, provide an example of a NIST Guideline and an example of a NIST Best Practice; how could you apply those examples you identified to your use of the Internet? Your job is to read the Assignment Document Executive Summary Assignment Document: http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf

See chapter 4 from This book security + guide to network security fundamentals

Answer 1

Framework for Improving Critical Infrastructure Cybersecurity:

• The National Institute of Standards and Technology (NIST) were tasked with leading the design of the Cybersecurity Framework.
• The resulting NIST Framework, created through collaboration between government and the private sector, uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on businesses.
• The NIST Cyber Framework uses business drivers to guide cybersecurity activities.
• The Framework enables organizations, regardless of size, the degree of cybersecurity risk or cybersecurity sophistication to apply the principles and best practices of risk management to improving the security and resilience of critical infrastructure.
• According to the US Department of Homeland Security, "critical infrastructure are the assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof."