From the course: Cybersecurity Foundations
Understanding the NIST Cybersecurity Framework
- [Instructor] The inclusion of cyberspace in international critical infrastructures was formally recognized at the third Global Conference on Cyberspace, held in Seoul in 2013, with the publication of the Seoul Framework for and Commitment to Open and Secure Cyberspace. It states, "The global and open nature of the internet is a driving force in accelerating progress towards development. Governments, business organizations, and individual owners and users of cyberspace must assume responsibility for and take steps to enhance the security of their information technologies." In response to this, in 2014, the US National Institute of Standards and Technology issued the Framework for Improving Critical Infrastructure Cybersecurity. In 2024, NIST CSF version 2 was issued. This framework has now become the de facto standard for cybersecurity. Let's take a look at it.

The NIST Cybersecurity Framework is an action-oriented approach to security and consists of three elements: the framework core, the framework profile, and the framework implementation tiers. The framework core provides a set of activities to achieve cybersecurity, described in the six areas of govern, identify, protect, detect, respond, and recover. These activities are decomposed into a total of 22 categories of security activities. For example, we can see that the detect group decomposes into the two categories of continuous monitoring and adverse event analysis. Going deeper, we can see that each of the categories is further decomposed into a set of controls. For example, the technology infrastructure resilience category is broken down into four subcategories: network and environment protection, environmental protection, resilience, and capacity management. Each of these subcategories is referenced to the relevant NIST, ISO, and COBIT standards.

The NIST Cybersecurity Framework doesn't introduce its own set of controls. It provides a higher-level framework, which can be used to develop a contemporary cybersecurity profile for an organization, but it relies on existing control frameworks for its implementation: COBIT, ISA/IEC 62443, ISO 27000, and NIST SP 800-53.