NIST Cybersecurity Framework
What is Information Security?
NIST defines it as the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
Those are three of the five major elements of Information Security; the other two are authenticity and non-repudiation. We’ll go through each of them individually.
Why do we need Information Security?
Several trends add to the need for Information Security:
- Technology advancements
- Distribution of information through devices
- Increase of impact of security breaches
- Greater complexity of infrastructures and their management
Elements of Information Security
As stated previously, Information Security relies on five elements.
Confidentiality is the assurance that the information is accessible only to those authorized.
Integrity is the assurance that the information hasn’t been tampered with or altered; in other words, that it is trustworthy.
Availability is the assurance that information is accessible whenever and wherever it’s stored.
Authenticity is the assurance that the user who accesses or creates the information is really who they claim to be.
Non-repudiation is the assurance that a user cannot deny being the source of the information.
NIST Cybersecurity Framework (CSF)
Why use NIST CSF?
Managing Information Security is about managing Cybersecurity risk. The CSF provides a methodology that includes activities to complement an organization’s Cybersecurity program and risk management process.
Risk Management
Senior Executive Level defines and communicates mission priorities, available resources and overall risk tolerance to the business level.
Business/Process Level uses that information as input and formulates a profile to coordinate implementation-level activities.
Implementation/Operations Level reports the implementation progress to the business level.
Business/Process Level uses these reports to perform an impact assessment and then reports the results to the senior level, to inform the organization’s overall risk management process, and to the implementation level, for awareness of business impact.
CSF Components
There are three main components for this framework:
- Core
- Tiers
- Profile
Core
This component is a set of activities and outcomes, and it includes five high-level functions:
Identify
- Identify critical assets
- Document information flows
- HW and SW inventory
- Establish policies
- Identify threats, vulnerabilities and risks
Protect
- Manage access
- Protect Data
- Backup
- Protect devices
- Manage vulnerabilities
- Train users
Detect
- Test detection processes
- Logs
- Know your data flows
- Understand impact
Respond
- Test response plans
- Update response plans
- Coordinate with stakeholders
Recover
- Communicate with stakeholders
- Ensure recovery plans are updated
- Manage company PR
Tiers
Tiers define the degree to which the company’s practices exhibit the characteristics defined by the framework.
Profiles
Profiles are used to describe the current state or the desired target state of specific activities.