The IT Security Framework: The NIST Cybersecurity Framework

1190 Words3 Pages
bulb-icon

Recommended: Micro and small enterprises

IT Security Policy Framework The NIST Cybersecurity Framework is a set of voluntary standards, guidelines, and practices. Small and medium size businesses benefit the most from using the NIST (SP 800-53) security framework. Much like larger size businesses, small and medium businesses normally house sensitive personal data, and proprietary and financial information. This means they are increasingly becoming targets for cyber criminals who recognize that smaller businesses may be easier to penetrate as they may lack the institutional knowledge and resources that larger companies have to protect their information. A frameworks value can be measured through its ability to identify and manage risk (Johnson & Merkow, 2011, p. 183). Using the NIST …show more content…

“To assist organizations in making the appropriate selection of security controls for information systems, the concept of baseline controls is introduced. Baseline controls are the starting point for the security control selection process (Gallagher, 2015)”. “There are three distinct types of security control designations related to the security controls that define: (1) the scope of applicability for the control; (2) the shared nature of the control; and (3) the responsibility for control development, implementation, assessment, and authorization (Gallagher, 2015)”.The security control designations include common controls, system-specific controls, and hybrid …show more content…

External information system services are computing outside of the traditional security authorization boundaries established by organizations for their information systems. The traditional authorization boundaries that are linked to physical space and control of assets, are being extended (both physically and logically) with the use of external services. “External services can be provided by entities within the organization but outside of the security authorization boundaries established for organizational information systems, entities outside of the organization either in the public sector (e.g., federal agencies) or private sector (e.g., commercial service providers), or some combination of the public and private sector options (Gallagher, 2015)”. External information system services can include the use of service oriented architectures (SOAs), cloud-based services (infrastructure, platform, software), or data center

Show More
Related

  • Case Study Of The Sprout Foundation

    2486 Words  | 5 Pages

    Table 3-5. Magnitude of Impact Definitions, National Institute of Standards and Technology (NIST): Risk Management Guide for Information Technology Systems. Special Publication 800-30, 2002.

    Read More

  • NIST 800-53 Security Control Framework

    220 Words  | 1 Pages

    With the increasing use of emerging technologies and the associated information security threat threshold, Ohio University has adopted the NIST 800-53 security control framework to support their regulatory compliance efforts. NIST 800-53 is being implemented to provide a comprehensive set of security controls. This control framework is responsible for instituting minimum requirements that meet approved standards and guidelines for information security systems. It provides a baseline for managing issues relating to mobile and cloud computing, insider threats, trustworthiness and resilience of their information systems. NIST defines the standards and guidelines to be adhered to meet the cyber security control that align to FISMA expectations.

    Read More

  • Physical And Environmental Security Impact On Forensics Investigations

    1934 Words  | 4 Pages

    Physical and environmental security programs are generally considered to be a collection of mechanisms and controls put into place that help ensure the availability of information technology capabilities. These programs protect an organization from fire, flood, theft, power failure, intentional, and even unintentional damage through negligence. Implementation of these programs at the organizational level can take place in a number of ways but most organizations choose to follow the application of a body of standards, usually set forth by an organization such as the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Once such body of standards put forth by ISO/IEC is 27002, Information technology – Security techniques – Code of practice for information secur...

    Read More

  • The Comprehensive National Cybersecurity Initiative (CNCI)

    325 Words  | 1 Pages

    Michael Coppola had five years when he starts to be curios of how the things worked, and when he was in fourth grade he starts to make wed sites, and at 17 years he starts hacking. The country spends billions of dollars for secure in the cyberspace and the cybersecurity experts aren’t good enough. The Comprehensive National Cybersecurity Initiative (CNCI) says that one thing that we need is better cybereducation and more experts. The government think that they can find a new generation of experts by making cyber competitions like America Idol.

    Read More

  • Homeland Security: The Mission Of Homeland Security

    1035 Words  | 3 Pages

    Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day to day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable in ensuring all of the rules and policies are being followed, as well as, understanding their roles, responsibilities and functions. Organizations information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is error and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what

    Read More

  • Security Controls Based On Auditing Frameworks Within The Seven Domains

    1924 Words  | 4 Pages

    This project must meet the requirements of DoD security policies and standards for delivery of the technology services. The first requirement we are to discuss is Federal Information Security Management Act (FISMA) which is a United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. FISMA assigned the National Institute of Standards and Technology (NIST), the responsibility of defining standards and security procedures to be followed and must be complied. There are nine processes NIST outlines to be in compliance with FISMA:

    Read More

  • Flayton Electronics Case Study

    929 Words  | 2 Pages

    Yaraghi, N., & Langhe, R. G. (2011). Critical Success Factors for Risk Management Systems. Journal of Risk Research, 14(5), 551-58

    Read More

  • Ethical Issues: Improving Health Information Technology

    1275 Words  | 3 Pages

    This includes measures to limit access to electronic information, to encrypt and decrypt electronic information, and to guard against unauthorized access to that information while it is being transmitted to others. Procedures and policies are required to address the following elements of technical safeguards: • Access control - Allowing only access to persons or software programs that have appropriate access rights to data or PHI by using, for example, unique user identification protocols, emergency access procedures, automatic logoff, and encryption and decryption mechanisms. • Audit controls - Recording and examining activity in health IT systems that contain or use PHI. • Integrity - Protecting PHI from improper alteration or destruction, including implementation of mechanisms to authenticate PHI. • Person or entity authentication - Verifying that a person or entity seeking access to PHI is who or what they claim to be (proof of

    Read More

  • Compare And Contrast Norton Vs Mcafee

    932 Words  | 2 Pages

    The Internet offers the chance to work in a efficient manner by utilizing computer-based tools. Whether a business is thinking utilizing the capability of cloud computing or just using email and maintaining a website, Security should be included in the planning. Theft of digital information is the most commonly reported fraud. Each business that utilizes the Internet should be responsible for creating a culture of security that will enhance business and consumer confidence (FCC, 2015). These are all items that a small business will need to help protect it computers and

    Read More

  • SCADA And Process Control Systems (PCS

    1781 Words  | 4 Pages

    The National Institute of Standards and Technology (NIST), United States National Security Agency (NSA), United States Department of Energy, The President 's Critical Infrastructure Protection Board as well as Public Safety and Emergency Preparedness Canada (PSEPC) have recognized that security in SCADA systems is essential.

    Read More

  • Case Study: Corrupting The Computer At The Broadway Café

    435 Words  | 1 Pages

    However, not every risk can be avoided, therefore, the objective is to determine the optimal (cost vs. benefit) level on controls to implement to help mitigate risks. In the café’s security case, human error was the primary issue. Such error resulted in an internal attack from a USB storage drive that could’ve been easily avoided with the implementation of controls. A simple preventative control such as, user awareness of risks, or by completely banning the use of USB’s or any device on any computer would have avoided this now costly

    Read More

  • Cybersecurity: The Importance of Computer Security in Every Business

    1099 Words  | 3 Pages

    Cybersecurity is the technology that protects computers and networks from unauthorized personnel. Ever since computers have expanded to homes and the workplace; the need for cyber security has grown exponentially. Millions of people around the world have access to the internet at a given time, and this allows for predators to attack, scam, hack, and intrude on personal and government information. Cybersecurity is designed to counteract these attempts to ultimately allow for safe networks and computers.

    Read More

  • Chief Information Officer Essay

    1378 Words  | 3 Pages

    These controls are logical access controls that are used for “identification, authentication, authorization and accountability” (Whitman & Mattord, 2013). As with many systems proper preparedness documents are crucial. There has to be a plan in the event of a disaster such as an

    Read More

  • Executive Roles and Responsibilities

    1800 Words  | 4 Pages

    In any corporate setting or military installation, a need to define proper boundaries and procedures for safeguarding data can be a daunting and sometimes a seemingly impossible task. Delineating, clarifying, and communicating the responsibilities for protecting and defending information resources is the first step in creating a culture that is sensitive and responsive to information security issues.

    Read More

  • Information Security

    2693 Words  | 6 Pages

    The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied though the 7 Domains by utilizing IT Security Best Practices.

    Read More

More about The IT Security Framework: The NIST Cybersecurity Framework

Open Document