IT Security Policy Framework

The NIST Cybersecurity Framework is a set of voluntary standards, guidelines, and practices for managing cybersecurity risk; its informative references include the security control catalog in NIST SP 800-53. Small and medium-sized businesses stand to benefit the most from using it. Much like larger businesses, small and medium businesses normally hold sensitive personal data along with proprietary and financial information. This makes them increasingly attractive targets for cyber criminals, who recognize that smaller businesses may be easier to penetrate because they often lack the institutional knowledge and resources that larger companies can devote to protecting their information. A framework's value can be measured by its ability to identify and manage risk (Johnson & Merkow, 2011, p. 183). Using the NIST …
“To assist organizations in making the appropriate selection of security controls for information systems, the concept of baseline controls is introduced. Baseline controls are the starting point for the security control selection process” (Gallagher, 2015). “There are three distinct types of security control designations related to the security controls that define: (1) the scope of applicability for the control; (2) the shared nature of the control; and (3) the responsibility for control development, implementation, assessment, and authorization” (Gallagher, 2015). The security control designations are common controls, system-specific controls, and hybrid …
External information system services are services implemented outside the traditional security authorization boundaries that organizations establish for their information systems. Traditional authorization boundaries, which are tied to physical space and control of assets, are being extended both physically and logically by the use of external services. “External services can be provided by entities within the organization but outside of the security authorization boundaries established for organizational information systems, entities outside of the organization either in the public sector (e.g., federal agencies) or private sector (e.g., commercial service providers), or some combination of the public and private sector options” (Gallagher, 2015). External information system services can include service-oriented architectures (SOAs), cloud-based services (infrastructure, platform, software), or data center
This project must meet the requirements of DoD security policies and standards for delivery of the technology services. The first requirement to discuss is the Federal Information Security Management Act (FISMA), United States legislation that defines a comprehensive framework for protecting government information, operations and assets against natural or man-made threats. FISMA assigned the National Institute of Standards and Technology (NIST) responsibility for defining the standards and security procedures that must be followed. NIST outlines nine processes for FISMA compliance:
Physical and environmental security programs are generally understood as a collection of mechanisms and controls put in place to help ensure the availability of information technology capabilities. These programs protect an organization from fire, flood, theft, power failure, and intentional or unintentional damage through negligence. Organizations can implement these programs in a number of ways, but most choose to follow a body of standards, usually one set forth by an organization such as the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). One such body of standards put forth by ISO/IEC is 27002, Information technology – Security techniques – Code of practice for information secur...
Michael Coppola was five when he started to be curious about how things worked; in fourth grade he started making web sites, and at 17 he started hacking. The country spends billions of dollars on securing cyberspace, yet there are not enough cybersecurity experts. The Comprehensive National Cybersecurity Initiative (CNCI) says that one thing we need is better cyber education and more experts. The government thinks it can find a new generation of experts by holding cyber competitions modeled on American Idol.
The National Institute of Standards and Technology (NIST), the United States National Security Agency (NSA), the United States Department of Energy, the President's Critical Infrastructure Protection Board, and Public Safety and Emergency Preparedness Canada (PSEPC) have all recognized that security in SCADA systems is essential.
530). The risk assessment recommends identifying and managing critical documents and storing them on centralized application and file servers. It also proposes applying suitable controls. Chief among these, role-based access control (RBAC) should be enabled to regulate access to file resources based on the roles of individual users within the company. In this model, access is the ability of an individual user to perform a specific operation on a resource, such as viewing, creating, or modifying a file. Roles are defined according to job competency, authority, and responsibility within the business; a user's role therefore describes the level of access the account holds. By assigning roles to users, administrators allow many users to complete their tasks without granting each of them individual permissions. RBAC also limits risk by ensuring that users do not have access beyond their training or level of responsibility: an employee's role determines the permissions granted, so junior employees cannot access sensitive information or perform high-level tasks. Additionally, an employee education and security awareness program should be implemented to improve employee behavior, hold employees accountable for their actions and for complying with the rules, and improve the employees' knowledge base on
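The RBAC model described above, as an added worked example that is not part of the original essay or any real company's configuration: roles carry permissions on file classification labels, users hold roles, and every check is deny-by-default. The roles (junior_clerk, analyst, finance_manager), the users, the file paths and their labels are constructed sample data.

```python
"""Minimal role-based access control (RBAC) check over a classified file share.

Added illustration of the RBAC model in the text; all names and paths below are
constructed sample data, not taken from the essay or any real organization.
"""

# Permission names follow the essay's examples: view, create, modify.
# A permission is a (classification label, action) pair.
ROLE_PERMISSIONS = {
    # Hypothetical roles for a small company, ordered from least to most privileged.
    "junior_clerk": {("public", "view"), ("internal", "view")},
    "analyst": {("public", "view"), ("internal", "view"),
                ("internal", "create"), ("internal", "modify")},
    "finance_manager": {("public", "view"), ("internal", "view"),
                        ("internal", "create"), ("internal", "modify"),
                        ("sensitive", "view"), ("sensitive", "modify")},
}

# Users hold one or more roles; permissions are never assigned to users directly.
USER_ROLES = {
    "alice": {"finance_manager"},
    "bob": {"analyst"},
    "carol": {"junior_clerk"},
}

# Each file on the centralized file server carries a classification label.
FILE_CLASSIFICATION = {
    "/shared/newsletter.pdf": "public",
    "/shared/projects/q3-plan.docx": "internal",
    "/finance/payroll-2024.xlsx": "sensitive",
}


def permissions_for(user: str) -> set[tuple[str, str]]:
    """Union of the permissions granted by every role the user holds."""
    perms: set[tuple[str, str]] = set()
    for role in USER_ROLES.get(user, set()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user: str, action: str, path: str) -> bool:
    """Deny by default: unknown users, unlabelled files and unlisted actions all fail."""
    label = FILE_CLASSIFICATION.get(path)
    if label is None:
        return False
    return (label, action) in permissions_for(user)


def access_matrix(paths, action: str = "view") -> dict[str, list[str]]:
    """For each path, the sorted list of users allowed to perform `action` on it.

    This is the view an access review needs: it makes an over-privileged role
    visible as an unexpected name next to a sensitive file.
    """
    return {path: sorted(u for u in USER_ROLES if is_allowed(u, action, path))
            for path in paths}


if __name__ == "__main__":
    for path, users in access_matrix(FILE_CLASSIFICATION).items():
        print(f"{path}: viewable by {users}")
```

Because the junior role holds no permission on the "sensitive" label, the payroll file is reachable only by the finance manager, and a request for a path that has no classification is refused rather than falling through to a default.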
This includes measures to limit access to electronic information, to encrypt and decrypt electronic information, and to guard against unauthorized access to that information while it is being transmitted to others. Procedures and policies are required to address the following elements of technical safeguards:
• Access control - Allowing access only to persons or software programs that have appropriate access rights to data or PHI, using, for example, unique user identification, emergency access procedures, automatic logoff, and encryption and decryption mechanisms.
• Audit controls - Recording and examining activity in health IT systems that contain or use PHI.
• Integrity - Protecting PHI from improper alteration or destruction, including implementation of mechanisms to authenticate PHI.
• Person or entity authentication - Verifying that a person or entity seeking access to PHI is who or what they claim to be (proof of
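Two of the safeguards listed above, integrity (a mechanism to authenticate PHI) and audit controls, as an added example that is not part of the original text: each stored record carries an HMAC-SHA256 tag under an application-held key, so any alteration of the stored record fails verification, and every read attempt is appended to an audit trail with its outcome. The key, the patient record and the user name are constructed sample data; the hex key is a placeholder and would come from a key store in a real system.

```python
"""Record integrity via HMAC plus an audit trail for each read.

Added illustration of the integrity and audit safeguards; the key, record and
user below are constructed sample data, not from the original essay.
"""
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import Optional

# Constructed placeholder key. A real deployment loads this from a key store;
# embedding it in source would defeat the integrity check.
INTEGRITY_KEY = bytes.fromhex(
    "4b8f2e6a1d0c9b7e5a3f2d1c0b9a8e7d6c5b4a39281706f5e4d3c2b1a0998877")

# In-memory audit trail; a real system writes to append-only, separately protected storage.
AUDIT_TRAIL: list[dict] = []


def _canonical(record: dict) -> bytes:
    # Canonical JSON so that field order does not change the tag.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal(record: dict, key: bytes = INTEGRITY_KEY) -> dict:
    """Return the stored form: the record plus an HMAC tag over its canonical bytes."""
    tag = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    return {"record": record, "tag": tag}


def verify(stored: dict, key: bytes = INTEGRITY_KEY) -> bool:
    """True only if the tag matches the record under this key."""
    expected = hmac.new(key, _canonical(stored["record"]), hashlib.sha256).hexdigest()
    # compare_digest keeps the comparison time independent of where the tags differ.
    return hmac.compare_digest(expected, stored["tag"])


def read_record(user: str, stored: dict) -> Optional[dict]:
    """Audit-controlled read: log who asked, when, and whether integrity held.

    A record that fails verification is not returned, but the attempt is still
    logged so the failure is visible to whoever reviews the trail.
    """
    ok = verify(stored)
    AUDIT_TRAIL.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "patient_id": stored["record"].get("patient_id"),
        "integrity_ok": ok,
    })
    return stored["record"] if ok else None


def demo() -> tuple[bool, bool, int]:
    """Seal a record, read it, tamper with the stored copy, read again.

    Returns (first read succeeded, read after tampering succeeded, audit entries).
    """
    AUDIT_TRAIL.clear()
    record = {"patient_id": "P-0001", "diagnosis": "J45.20", "allergies": ["penicillin"]}
    stored = seal(record)
    clean = read_record("dr_smith", stored) is not None
    # Constructed tampering: the diagnosis is changed but the old tag is kept.
    tampered = {"record": dict(stored["record"], diagnosis="Z00.00"), "tag": stored["tag"]}
    after = read_record("dr_smith", tampered) is not None
    return clean, after, len(AUDIT_TRAIL)


if __name__ == "__main__":
    print(demo())
    for entry in AUDIT_TRAIL:
        print(entry)
```

A plain hash would not do here: an attacker who can rewrite the record can recompute an unkeyed hash, whereas the HMAC cannot be regenerated without the key. The audit entry records the failed verification as well as the successful read, which is what makes a tampering attempt reviewable afterwards.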
Cybersecurity is the set of technologies and practices that protect computers and networks from unauthorized access. Ever since computers spread to homes and the workplace, the need for cybersecurity has grown exponentially. Millions of people around the world are on the internet at any given time, which allows predators to attack, scam, hack, and intrude on personal and government information. Cybersecurity is designed to counteract these attempts and ultimately allow for safe networks and computers.
The Internet offers the chance to work in an efficient manner by utilizing computer-based tools. Whether a business is considering the capabilities of cloud computing or just using email and maintaining a website, security should be part of the planning. Theft of digital information is the most commonly reported fraud. Each business that uses the Internet should take responsibility for creating a culture of security that enhances business and consumer confidence (FCC, 2015). These are all items that a small business will need to help protect its computers and
However, not every risk can be avoided; the objective is therefore to determine the optimal (cost versus benefit) level of controls to implement to help mitigate risk. In the café's security case, human error was the primary issue. That error resulted in an internal attack from a USB storage drive that could easily have been avoided by implementing controls. A simple preventive control, such as user awareness training on the risks, or an outright ban on USB drives or any removable device on any computer, would have avoided this now costly
In any corporate setting or military installation, defining proper boundaries and procedures for safeguarding data can be a daunting and sometimes seemingly impossible task. Delineating, clarifying, and communicating the responsibilities for protecting and defending information resources is the first step in creating a culture that is sensitive and responsive to information security issues.
These controls are logical access controls used for “identification, authentication, authorization and accountability” (Whitman & Mattord, 2013). As with many systems, proper preparedness documents are crucial. There has to be a plan in the event of a disaster such as an
The first thing we must consider about information security is that there is no final destination at which we can arrive. IT security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. Systems are not secured by themselves; it is our responsibility to maintain and improve them periodically as required. It is vital to establish the appropriate mechanisms and requirements to support the company's CIA triad (confidentiality, integrity, availability). The following report provides guidance on auditing and hardening techniques applied across the seven domains of a typical IT infrastructure, using IT security best practices.
... should be designed to reflect current hazards and unexpected future uncertainties. Moreover, the risk-framing process should weigh costs and benefits before a decision is made to remove threats.