NIST Cybersecurity Framework: A Guide to Prevent, Detect & Respond to Cybercrime - Research Paper

Introduction

NIST (National Institute of Standards and Technology) is one of the most renowned cybersecurity frameworks of the modern era. NIST was developed in 2014 to target important infrastructure in the United States. Today, NIST provides a policy framework of computer security measures on how private institutions in the country can gradually advance their methods of preventing, detecting, and responding to cybercrime. NIST was based on the need to have organizations balancing the demanding cyber threat landscape with business expectations. Private-sector owners were the primary stakeholders, yet today, it is being implemented by multiple communities and worldwide organizations, including JP Morgan Chase, Microsoft, and Boeing (NIST, 2020). Many organizations using the framework are now getting knowledge of the potential cyber threats and vulnerabilities, as well as the possible means of risk control.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Many organizations are being proactive about risk management through the NIST framework. Supply Chain Risk Management involves a consideration of various firm priorities, constraints, risk tolerances, and assumptions. These factors can be used communally to support risk decisions as they apply to managing supply chain risk. It is only through NIST that an organization can have the most effective processes to determine, assess, and manage every supply chain risk (Newhouse, Keith, Scribner, & Witte, 2017). Besides, NIST helps let the various factors support operational risk decisions (Dedeke, 2017). These decisions are informed through the Business Environment that incorporates an organization's mission, objectives, stakeholders, and activities.

The NIST framework allows various staff at all levels within an organization to have a common language through which they can understand potential organizational risks. Besides, the language targets every point in a supply chain as it gives a clear picture of the potential hazards to the productivity of the business. NIST also allows organizations to also reduce risks through customized measures for as long as they can understand every cybersecurity risk, including vulnerabilities, threats, and impacts (Newhouse, Keith, Scribner, & Witte, 2017). Besides, customized features can let organizations respond and recover easily from cyber threats. This can be done through an analysis of the root causes of the risk and judgment on how improvements can be made within the organization.

The Risk Management Strategy by NIST involves five core processes. These include identifying, protecting, detecting, responding, and recovering. The Risk Management Strategy was developed from the processes as they can easily build an effective cybersecurity program. Each of the processes is important in letting companies express their management practices of cyber threats and encourage diverse but effective risk management decisions (Webb & Hume, 2018). The identity function assists organizations in understanding the management of cybersecurity risks. The greater context incorporates the system, people, data, assets, and capabilities (NIST, 2020). The Identify function also lets organizations stick to their efforts as they align with their business standards. Various activities such as identifying physical and software assets, the various cybersecurity policies, vulnerabilities, the Business Environment, and a Supply Chain Risk Management strategy.

The protect function of the Risk Management Strategy, as it applies to NIST, involves outlining any safeguards that encourage the delivery of important infrastructure services. Protecting could also be perceived as limiting or containing the implications of cyber threats (NIST, 2020). This function may involve the activities of protecting "Identity Management and Access Control," the various organizational resources, as well as developing a Data Security protection technique that aligns with the organization's risk strategy. The Detect function of the Risk Management Strategy in NIST involves defining the most important activities to seek and realize potential cyber threats (NIST, 2020). Therefore, it is through the function that organizations can discover cybersecurity events promptly. A few components are involved during detecting, including identification of anomalies and events as well as their potential impacts, enhancing Security Continuous Monitoring, and maintaining the Detection procedures to encourage the awareness of any threat to the system.

The Respond component of the Risk Management Strategy as it applies to NIST involves the activities taken concerning a security threat. It is only through responding that organizations can contain and address the impact of a cyber threat. The Respond Function ensures that organizations have Response Planning processes to be implemented before and during the event (NIST, 2020). The function also includes the management of communications, analysis, mitigation to prevent the extension of the incident, and creating learning lessons for future responses. The Recover function of the Risk Management Strategy of NIST includes the identification of various actions meant to enhance resilience and restoration of compromised capabilities and services (NIST, 2020). The time used for Recovery determines how faster a business can get back to its operations and reduce any impacts from cyber threats. Organizations may consider implementing Recovery Planning processes and procedures to address cyber threats through restoration methods. Besides, Recovery ensures the implementation of improvements and coordination of internal and external communications.

NIST, as a cybersecurity framework, has a well-established Risk Management Strategy that draws organizations, both large and small, into buying the idea. The strategy involves five functions, including identifying, protecting, detecting, responding, and recovering. Organizations implementing the strategy outlined by NIST are more proactive than those that do not have a Risk Management Strategy in place. With more complexity and extents of cyberattacks, there is a need to implement NIST as it is effective in multiple ways as there are no underlying legal or authority mandates.

References

Dedeke, A. (2017). Cybersecurity Framework Adoption: Using Capability Levels for Implementation Tiers and Profiles. IEEE Security & Privacy, 15(5), 47-54. doi:10.1109/msp.2017.3681063

Newhouse, W., Keith, S., Scribner, B., & Witte, G. (2017). National initiative for cybersecurity education (NICE) cybersecurity workforce framework. NIST Special Publication, 800, 181.

NIST. (2020). Cybersecurity Framework. Retrieved from https://www.nist.gov/industry-impacts/cybersecurity-framework

NIST. (2020). The Five Functions. Retrieved from https://www.nist.gov/cyberframework/online-learning/five-functions

Webb, J., & Hume, D. (2018). Campus IoT Collaboration and Governance using the NIST Cybersecurity Framework. Living in the Internet of Things: Cybersecurity of the IoT - 2018. doi:10.1049/cp.2018.0025