NIST Cybersecurity Framework - A pocket guide

NIST Cybersecurity Framework - A pocket guide

by Alan Calder
Released September 2018
Publisher(s): IT Governance Publishing
ISBN: 9781787780422

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

The NIST CSF is a framework for organizations to manage and mitigate cybersecurity risk based on existing standards, guidelines, and practices.

Table of contents

  1. Cover
  2. Title
  3. Copyright
  4. About the Author
  5. Contents
  6. Introduction
    1. The growing digital ecosystem
    2. Federal responses
    3. Past cyber incidents
    4. The NIST Cybersecurity Framework
  7. Chapter 1: Aims of the Framework
    1. Relevant factors and variables
    2. Implementation benefits
    3. Structure
  8. Chapter 2: Framework core
    1. Functions
      1. Identify
      2. Protect, detect, and respond
      3. Recover
    2. Categories
    3. Subcategories
    4. Informative references
      1. ISO 27001
      2. COBIT
      3. NIST SP 800-53
      4. ISA 62443
      5. CIS CSC
    5. How the core elements interact
    6. Implementation – risk management
      1. Methodologies
      2. Risk responses
      3. NIST’s Risk Management Framework
  9. Chapter 3: Framework profiles
    1. Current profile
    2. Target profile
    3. How the two profiles interact
  10. Chapter 4: Framework implementation tiers
    1. How to view the tiers
    2. Risk management aspects
      1. Risk management processes
      2. Integrated risk management program
      3. External participation
    3. Tier 1: Partial
    4. Tier 2: Risk-informed
    5. Tier 3: Repeatable
    6. Tier 4: Adaptive
    7. How the tiers, profiles, and core interact
  11. Chapter 5: Implementing the Framework
    1. Step 1: Determine objectives, priorities, and scope
    2. Step 2: Identify assets and risks
    3. Step 3: Create a current profile
    4. Step 4: Conduct a risk assessment
    5. Step 5: Create a target profile
    6. Step 6: Perform a gap analysis
    7. Step 7: Implement the action plan
    8. Continual improvement
    9. Decision-making and implementation responsibilities
  12. Chapter 6: Alignment with other frameworks
    1. ISO 27001
    2. ISO 22301
    3. Combining ISO 27001 and ISO 22301
  13. Appendix: Key changes from Version 1.0 to 1.1
  14. Glossary
  15. Further reading

Product information

  • Title: NIST Cybersecurity Framework - A pocket guide
  • Author(s): Alan Calder
  • Release date: September 2018
  • Publisher(s): IT Governance Publishing
  • ISBN: 9781787780422