The NIST Cybersecurity Framework is a set of voluntary standards, guidelines, and practices. Small and medium-sized businesses benefit the most from using the NIST (SP 800-53) security framework. Much like larger businesses, small and medium-sized businesses normally house sensitive personal data as well as proprietary and financial information. This means they are increasingly becoming targets for cyber criminals, who recognize that smaller businesses may be easier to penetrate because they may lack the institutional knowledge and resources that larger companies have to protect their information.
A framework's value can be measured through its ability to identify and manage risk (Johnson & Merkow, 2011, p. 183). Under the NIST framework, risk management is multi-tiered. “To integrate the risk management process throughout the organization and more effectively address mission/business concerns, a three-tiered approach is employed that addresses risk at the: (1) organization level; (2) mission/business process level; and (3) information system level (Gallagher, 2015)”. The overall objective of this process is continuous improvement in the organization’s risk-related activities and effective communication among all stakeholders having a shared interest in the mission/business success of the organization (Gallagher, 2015). The security control structure is organized into eighteen families (access control, awareness and training, audit and accountability, security assessment and authorization, configuration management, contingency planning, identification and authentication, incident response, maintenance, media protection, physical and environmental protection, planning, personnel security, risk assessment, system and ...
... middle of paper ...
...criptive, so the details of how to implement it are left to the organization to work out. However, this is by design: if the government had prescribed a set of cybersecurity practices, there would have been protests. “In fact, prior to the president’s order, there had been yearly attempts in Congress to pass some type of cybersecurity legislation about data breach notification and sharing, but nothing was approved due to ideological differences about the various approaches (Gallagher, 2015)”. “The framework introduces the concept of tiers and profiles, which are designed to allow an organization, after it assesses its cybersecurity risks, to decide the degree of rigor and sophistication it wishes to employ in its cybersecurity system, and to develop a plan of its current and future cybersecurity postures for various aspects of its operations (Stroud, 2015)”.