ITM Tech Cybersecurity Essentials Booklet - Flipbook - Page 16
NIST Cybersecurity Framework
The NIST Cybersecurity Framework enables businesses and enterprises to evaluate the risks they encounter. The framework consists of three parts.

The Framework Core presents a range of references, outcomes, and activities associated with aspects and approaches to cyber defense. The Framework Implementation Tiers help organisations establish their approach to cybersecurity and clarify their stance to all stakeholders. The tier also portrays the degree of sophistication of the management approach. The Framework Profile contains a collection of outcomes the enterprise picked from the categories and subcategories based on its risk evaluation and requirements.

Organisations can create a “Current Profile” based on the framework that includes the cybersecurity activities and goals the company aims for. Then it can develop a “Target Profile” or go for a baseline profile that meets the organisation’s specific industry needs. Ultimately, the organisation can craft actionable steps to achieve the target profile.

Figure: Framework Core functions and their categories (the graphic also carries the labels PROACTIVE and REACTIVE).

IDENTIFY: Asset Management; Business Environment; Governance; Risk Assessment; Risk Management Strategy
PROTECT: Access Control; Awareness and Training; Data Security; Information Protection and Procedures; Maintenance; Proactive Technology
DETECT: Anomalies and Events; Security Continuous Monitoring; Detection Processes
RESPOND: Response Planning; Communications; Analysis; Mitigation; Improvements
RECOVER: Recovery Planning; Improvements; Communications