The IT Security Framework: The NIST Cybersecurity Framework

1190 Words5 Pages
IT Security Policy Framework The NIST Cybersecurity Framework is a set of voluntary standards, guidelines, and practices. Small and medium size businesses benefit the most from using the NIST (SP 800-53) security framework. Much like larger size businesses, small and medium businesses normally house sensitive personal data, and proprietary and financial information. This means they are increasingly becoming targets for cyber criminals who recognize that smaller businesses may be easier to penetrate as they may lack the institutional knowledge and resources that larger companies have to protect their information. A frameworks value can be measured through its ability to identify and manage risk (Johnson & Merkow, 2011, p. 183). Using the NIST…show more content…
“To assist organizations in making the appropriate selection of security controls for information systems, the concept of baseline controls is introduced. Baseline controls are the starting point for the security control selection process (Gallagher, 2015)”. “There are three distinct types of security control designations related to the security controls that define: (1) the scope of applicability for the control; (2) the shared nature of the control; and (3) the responsibility for control development, implementation, assessment, and authorization (Gallagher, 2015)”.The security control designations include common controls, system-specific controls, and hybrid…show more content…
External information system services are computing outside of the traditional security authorization boundaries established by organizations for their information systems. The traditional authorization boundaries that are linked to physical space and control of assets, are being extended (both physically and logically) with the use of external services. “External services can be provided by entities within the organization but outside of the security authorization boundaries established for organizational information systems, entities outside of the organization either in the public sector (e.g., federal agencies) or private sector (e.g., commercial service providers), or some combination of the public and private sector options (Gallagher, 2015)”. External information system services can include the use of service oriented architectures (SOAs), cloud-based services (infrastructure, platform, software), or data center

More about The IT Security Framework: The NIST Cybersecurity Framework

Open Document