Running head: NIST FRAMEWORK 1
National Institute of Standards and Technology (NIST) Framework
Raj Kumar Dhubba
Wilmington University
National Institute of Standards and Technology (NIST) Framework
Introduction
The problem of information security is growing at an alarming rate, drawing the attention of governments, coalitions of nations and the private sector. The year 2017 saw the greatest number of cyberspace attacks ever recorded (Imsnetworking, 2017). One area that has experienced much of this attack activity is Bring-Your-Own-Device (BYOD) at work, where employees use their own devices to access corporate data and network resources.
According to Garba, Armarego and Kenworthy (2015), this new technology raises security concerns despite its benefit of making work easier, and hence it needs to be evaluated. In response to the rising problem of cybersecurity, the NIST Cybersecurity Framework was formed to provide the best practices that the private and public sectors should follow to safeguard security.
Comparison with Other Frameworks
Several frameworks are used to advocate security practices. These include the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework and the Department of Defense (DoD) Risk Management Framework (RMF) for DoD Information Technology (IT).
The NICE framework defines security roles and tasks for federal agencies, as well as serving administrative purposes (Newhouse, 2017). It ensures that an organization's workforce can fulfil the cybersecurity requirements the organization defines. It supports training opportunities and the use of industry certifications for further professional development. Even though this framework promotes the efficiency and welfare of workers, it does not address other areas of security such as infrastructure. Hence, the NIST framework is more recommendable than NICE because it covers a wider field of cybersecurity. The DoD framework, on the other hand, focuses on risk management in terms of planning, evaluating, implementing and monitoring security controls. Its drawback is that it is too specific to defense-based organizations and does not fit well the demands of enterprises and other government agencies, which are the main consumers of cybersecurity standards (Department of Defense, 2014). Hence, of the three cybersecurity frameworks, NIST is the one I recommend as the appropriate framework.
NIST Framework Overview
The national economy of the US relies on the effective operation of its critical infrastructure. Threats to information security have grown with the increased connectivity of these critical infrastructure systems, placing public safety, health, the economy and national security at risk. Companies likewise face reputational and financial risk from the increased threats.
In response, the federal government, led by the President of the US, ordered the improvement of cybersecurity for critical infrastructure in 2013. This prompted the creation of voluntary frameworks, the “National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity” being one of them. Apart from maintaining a safe cyber environment, the framework is intended to encourage innovation, economic prosperity and efficiency while protecting civil liberties and business confidentiality. The private sector collaborated with the government so that risks to cybersecurity could be managed and addressed in a common language. Cost effectiveness was a particular concern of this framework, which imposes few regulatory requirements on business (Newhouse, 2017).
Main Concerns of the NIST Framework
The framework is intended to use business drivers to guide cybersecurity activities and to encourage the incorporation of cybersecurity risk into the risk management activities that business organizations already conduct. As cybersecurity becomes part of an organization's investment decisions, the overall security of the nation would improve and there would be an apparent reduction in security threats.
The framework integrates several cybersecurity standards, practices and guidelines, which gives it a great impact in ensuring the security of an organization. Furthermore, since it references standards that are globally recognized, the framework is usable in countries outside the US and would be an effective model for supporting critical infrastructure cybersecurity (Newhouse, 2017).
NIST Framework Core Elements
The Framework Implementation Tiers, Framework Profiles and Framework Core are the three parts that form this risk-based cybersecurity Framework.
a. Framework Implementation Tiers describe the degree to which an organization's cybersecurity risk management practices exhibit the characteristics defined in the Framework.
b. A Framework Profile is a view of how the standards, practices and guidelines of the Framework Core align with a given implementation or problem domain. By comparing a Target Profile with the Current Profile, opportunities for cybersecurity improvement can be identified.
c. The Framework Core comprises cybersecurity activities, expected outcomes and applicable informative references. This component consists of five Functions: Identify, Protect, Detect, Respond and Recover. Taken together, these Functions provide a high-level view of the lifecycle of an organization's cybersecurity risk management. The core elements are as follows:
i) Functions help an organization express its management of cybersecurity risk by organizing information, enabling risk management decisions, addressing threats and learning from previous activities. With these Functions, an organization can evaluate the impact that an investment in cybersecurity would have.
ii) Categories subdivide each Function into groups of cybersecurity outcomes tied to programmatic needs and particular activities, such as Access Control and Asset Management.
iii) Subcategories further divide each Category into specific outcomes of technical or management activities; they represent the smallest units of work division in the Core.
iv) Informative References are specific sections of standards, guidelines and practices that support the achievement of the outcome of a given Subcategory (NIST, 2017).
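To make the Core hierarchy and the Profile comparison concrete, the following Python script is an added illustration and is not code from this paper or from NIST. It models a handful of CSF 1.1 Subcategories (identifiers such as ID.AM-1 and PR.AC-4 are real, with their Informative References shortened to one or two entries each) and then compares a constructed Current Profile against a constructed Target Profile. The 0-4 achievement scale and all scores are assumptions made for the example, as is the decision to rank gaps by size and roll them up per Function.

```python
"""Toy model of the NIST CSF Core hierarchy (Function > Category >
Subcategory > Informative Reference) and a Current-vs-Target Profile gap
analysis. Added example, not code from the paper or from NIST; the
achievement scale and the profile scores are constructed for illustration."""
from dataclasses import dataclass
import re

# Prefixes of the five Functions as used in CSF subcategory identifiers.
FUNCTIONS = {"ID": "Identify", "PR": "Protect", "DE": "Detect",
             "RS": "Respond", "RC": "Recover"}
SUBCATEGORY_ID = re.compile(r"^(ID|PR|DE|RS|RC)\.[A-Z]{2}-\d+$")


@dataclass(frozen=True)
class Subcategory:
    id: str               # CSF 1.1 identifier, e.g. "PR.AC-4"
    outcome: str          # outcome statement, paraphrased from CSF 1.1
    references: tuple     # abbreviated sample of Informative References

    def __post_init__(self):
        # Reject identifiers that do not follow the Function.Category-n form.
        if not SUBCATEGORY_ID.match(self.id):
            raise ValueError(f"malformed subcategory id: {self.id}")

    @property
    def function(self) -> str:
        return FUNCTIONS[self.id.split(".")[0]]

    @property
    def category(self) -> str:
        return self.id.split("-")[0]   # e.g. "PR.AC" (Access Control)


# A small slice of the Framework Core. IDs are CSF 1.1 subcategories; the
# reference lists are shortened to one or two entries each.
CORE = (
    Subcategory("ID.AM-1", "Physical devices and systems are inventoried",
                ("NIST SP 800-53 Rev. 4 CM-8", "ISO/IEC 27001:2013 A.8.1.1")),
    Subcategory("ID.AM-2", "Software platforms and applications are inventoried",
                ("NIST SP 800-53 Rev. 4 CM-8", "ISO/IEC 27001:2013 A.8.1.1")),
    Subcategory("PR.AC-1", "Identities and credentials are issued, managed, "
                "verified, revoked and audited",
                ("NIST SP 800-53 Rev. 4 IA-2", "ISO/IEC 27001:2013 A.9.2.1")),
    Subcategory("PR.AC-4", "Access permissions are managed with least privilege "
                "and separation of duties",
                ("NIST SP 800-53 Rev. 4 AC-6", "ISO/IEC 27001:2013 A.9.1.2")),
    Subcategory("DE.CM-1", "The network is monitored to detect potential "
                "cybersecurity events",
                ("NIST SP 800-53 Rev. 4 SI-4", "NIST SP 800-53 Rev. 4 CA-7")),
    Subcategory("RS.RP-1", "Response plan is executed during or after an incident",
                ("NIST SP 800-53 Rev. 4 IR-4",)),
    Subcategory("RC.RP-1", "Recovery plan is executed during or after an incident",
                ("NIST SP 800-53 Rev. 4 CP-10",)),
)

# Profiles map a subcategory id to an achievement level on a 0-4 scale
# (0 = not implemented, 4 = implemented, measured and continuously improved).
# Both the scale and these scores are constructed for this example.
CURRENT_PROFILE = {"ID.AM-1": 2, "ID.AM-2": 1, "PR.AC-1": 3, "PR.AC-4": 1,
                   "DE.CM-1": 2, "RS.RP-1": 3, "RC.RP-1": 0}
TARGET_PROFILE = {"ID.AM-1": 3, "ID.AM-2": 3, "PR.AC-1": 3, "PR.AC-4": 4,
                  "DE.CM-1": 4, "RS.RP-1": 3, "RC.RP-1": 3}


def gap_analysis(core, current, target):
    """Return one record per subcategory where the Current Profile falls
    short of the Target Profile, largest gap first (ties broken by id).
    A subcategory missing from a profile is treated as level 0."""
    gaps = []
    for sub in core:
        cur, tgt = current.get(sub.id, 0), target.get(sub.id, 0)
        if cur < tgt:
            gaps.append({"id": sub.id, "function": sub.function,
                         "category": sub.category, "gap": tgt - cur,
                         "outcome": sub.outcome, "references": sub.references})
    gaps.sort(key=lambda g: (-g["gap"], g["id"]))
    return gaps


def gaps_by_function(gaps):
    """Roll per-subcategory gaps up to the Function level, the view the
    paper describes management using to weigh cybersecurity investment."""
    totals = {}
    for g in gaps:
        totals[g["function"]] = totals.get(g["function"], 0) + g["gap"]
    return totals


if __name__ == "__main__":
    gaps = gap_analysis(CORE, CURRENT_PROFILE, TARGET_PROFILE)
    for g in gaps:
        print(f"{g['id']:8} gap={g['gap']}  {g['outcome']}")
        print(f"         see: {', '.join(g['references'])}")
    print("per Function:", gaps_by_function(gaps))
```

Each gap record carries the Subcategory's Informative References, so the output of the comparison points directly at the standard sections (here SP 800-53 controls and ISO/IEC 27001 clauses) that an organization would consult to close the gap, which is exactly the role the paper assigns to Informative References.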
References
NIST. (2017). Framework for Improving Critical Infrastructure Cybersecurity, Draft Version 1.1. National Institute of Standards and Technology.
Imsnetworking. (2017). Attacks on networks continue rise at alarming rate in 2017. Retrieved October 30, 2017, from https://www.imsnetworking.com/2017/08/23/attacks-on-networks-continue-rise-at-alarming-rate-in-2017/
Garba, A., Armarego, J., & Kenworthy, W. (2015). Review of the information security and privacy challenges in Bring Your Own Device (BYOD) environments. Journal of Information Privacy and Security, 11(1), 38-54.
Newhouse, W. D. (2017). NICE Cybersecurity Workforce Framework: National Initiative for Cybersecurity Education. Special Publication (NIST SP) 800-181.
Department of Defense. (2014). Risk Management Framework (RMF) for DoD Information Technology (IT).