Question

Describe when some cybersecurity framework controls cannot be implemented (such as on a personal laptop, IoT, and other mobile devices).

Solutions

Expert Solution

A cybersecurity framework is a set of controls that, when met, represents a fully functional cybersecurity program. The two most common cybersecurity frameworks are the NIST Cybersecurity Framework and ISO-27000, although there are dozens of different frameworks that serve the needs of different industries. Some frameworks are focused around specific industries while others just vary in wording and controls. 84% of organizations in the US utilize a cybersecurity framework, and 44% use more than one, according to Tenable.

Cybersecurity framework controls cannot be implemented on devices such as laptops, IoT devices and other mobile devices due to the following reasons:

Identify: Identify is focused on laying the groundwork for an effective cybersecurity program. Controls in this group include conducting a risk assessment, inventorying IT assets, and creating a comprehensive risk management strategy. By identifying risks and documenting where sensitive data is stored, your organization can ensure controls are effectively implemented to protect the most critical business processes and most valuable data.

Protect: The protect function involves implementing technology and creating processes to ensure the adequate protection of data. These controls include providing employees with security awareness training, employing protective technologies such as anti-virus, and access controls. 

Detect: Detecting potential cybersecurity incidents is critical. Many companies only find out they have been breached when their proprietary or customer information is sold on the dark web. The Detect function of the NIST Cybersecurity Framework involves controls designed to ensure your organization detects potential incidents when they occur.

Respond: No matter how good your cybersecurity posture is, incidents can still happen. Controls found in the Respond function focus on ensuring that your organization has the capacity to rapidly and efficiently respond to a cybersecurity incident. When an incident occurs, seconds matter.

Recover: Recovering from a cybersecurity incident can be tough. You have to worry about managing brand reputation, restoring functionality to IT assets, and ensuring that your systems are clean. Controls in the Recover function cover lessons learned, planning for recovery before the incident, and testing recovery processes.

Unless a specific framework is mandated by their industry or regulatory body, most companies should focus on following the NIST Cybersecurity Framework. It is comprehensive, understandable, and meets many compliance requirements by default. By following the NIST Cybersecurity Framework you can be confident that you are adhering to cybersecurity best practices.
