Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Unveiling NIST Cybersecurity Framework 2.0
Unveiling NIST Cybersecurity Framework 2.0

Unveiling NIST Cybersecurity Framework 2.0: Secure your organization with the practical applications of CSF

Arrow left icon
Profile Icon Jason Brown
Arrow right icon
₹800 per month
Paperback Oct 2024 182 pages 1st Edition
eBook
₹799.99 ₹2680.99
Paperback
₹3351.99
Subscription
Free Trial
Renews at ₹800p/m
Arrow left icon
Profile Icon Jason Brown
Arrow right icon
₹800 per month
Paperback Oct 2024 182 pages 1st Edition
eBook
₹799.99 ₹2680.99
Paperback
₹3351.99
Subscription
Free Trial
Renews at ₹800p/m
eBook
₹799.99 ₹2680.99
Paperback
₹3351.99
Subscription
Free Trial
Renews at ₹800p/m

What do you get with a Packt Subscription?

Free for first 7 days. ₹800 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing
Table of content icon View table of contents Preview book icon Preview Book

Unveiling NIST Cybersecurity Framework 2.0

Introduction to Cybersecurity Frameworks

In this book, we take a deep dive into a framework developed by the National Institute of Standards and Technology (NIST) called the Cybersecurity Framework (CSF). This framework was originally developed to better protect critical infrastructure businesses from threats, identify and handle information technology (IT) risks, and build resiliency into your IT and cybersecurity program.

In this chapter, we will take a look at the following topics:

  • What is a framework?
  • Why the NIST CSF?
  • The history behind the NIST CSF
  • Comparing the CSF to other frameworks
  • NIST CSF success stories

What is a framework?

There are many ways to get a cybersecurity program off the ground, but where should you start? This can be intimidating to many IT professionals as cybersecurity has its own language. Frameworks are developed to assist organizations with this endeavor. A framework is used to align a program against best practices. It can also be a set of requirements that one must implement to perform a particular function.

Frameworks do not necessarily tell you how to implement a particular control, only that you should have it in place. For instance, a framework may state that you should implement multi-factor authentication (MFA); however, it may not state how or where to implement it. The framework may state that you ensure proper auditing and logging is configured, but not state how to do it or how long you should keep the logs.

A framework is a document used to help the organization implement best practices. You, or the head of security, may decide that you do not intend...

Why the NIST CSF?

The NIST CSF is a wonderful cybersecurity framework to start off with. It was meant for organizations that are considered critical infrastructure to assist in implementing cybersecurity controls. Also, it is free to consume. Well, it is not necessarily free – I mean if you are a US citizen, then your tax dollars paid for it to be developed.

Though it was originally written for critical infrastructure businesses, the NIST CSF 2.0 is meant to be easily adopted and used for small to medium-sized, even larger, organizations. The framework was written in such a way that it can be customizable when implemented. As you will see later on in this chapter, organizations that adopted other frameworks migrated to the CSF because they were hard to implement.

As mentioned, the CSF is a framework that is easy to understand, easy to maintain, and easy to score and show progress of how your cybersecurity program is maturing. It also sets you and your organization up for...

The history behind the NIST CSF

The 2000s and 2010s were a mess for IT and cybersecurity. Though the thought of implementing a cybersecurity program was far from people’s minds, the concept started to grow. During the 2000s, we had viruses such as SQL Slammer, Code Red, Blaster, and Conficker, to name a few. These computer viruses wreaked havoc across many organizations, governments, and higher education institutions. When the 2010s came around, we had Stuxnet and Flame. However, in 2013, we began to see ransomware take hold with CryptoLocker.

Due to businesses being hit by malicious payloads, and many not knowing what to do or how to protect themselves, the Obama administration stepped in. In February 2013, the president signed Executive Order 13636, named “Improving Critical Infrastructure Cybersecurity,” directing NIST to develop a new framework for cybersecurity. In 2014, we saw the first edition of the CSF.

The early version of the CSF was aimed specifically...

Comparing the CSF to other frameworks

As mentioned previously, there are several different cybersecurity frameworks to choose from. Each category and subcategory found in the NIST CSF aligns with other frameworks as well. There is an information reference that correlates to every subcategory. Why is that important?

Maybe you received an inquiry about how you and your organization have implemented its security controls. The inquiry is based on ISO or SP 800-53, but wait a minute – you are using the CSF; how can those match up?

There is a matrix for each control and how that aligns with other frameworks. This is to assist in answering questions regarding the CSF as compared with other frameworks. It is also meant to assist you if you decide to adopt a different framework. The point is, if you start off with the CSF and decide to jump to another one, all is not lost. I am not, by any means, saying that you should start with the CSF and then naturally jump to a different framework...

NIST CSF success stories

Organizations have the freedom to use and implement the NIST CSF to best fit their needs. The beauty of the framework is in its flexibility in implementing the necessary cybersecurity controls. Plenty of organizations have achieved their goals of reducing overall cyber risk through its use, but do not take my word for it. The following is a set of success stories of other organizations that have implemented the CSF.

Lower Colorado River Authority

Serving the residents of Texas, the Lower Colorado River Authority (LCRA) has a tough job. LCRA ensures water coming from the river is safe to use for the millions of residents of that state. The river authority is considered a critical infrastructure and must ensure that its IT and operational technology (OT) are secured.

LCRA initially adopted NIST’s SP 800-53 to implement cybersecurity controls. Due to its massive size, this caused serious problems with the framework rollout. LCRA required a framework...

Summary

In this chapter, we reviewed what a framework is and why it is important. Frameworks were developed to assist organizations in filling in the blanks of building a cybersecurity program. The NIST CSF is a framework that can be applied to your organization with little effort.

As cyber-attacks took hold during the early 2000s, we needed to rapidly increase our security posture. Cybersecurity frameworks were created to assist organizations in doing just that. Many may think that IT and cybersecurity are identical, but they are not. As we learned, cybersecurity has its own language and way of implementing solutions.

As we saw in the success stories, several organizations had come from other frameworks and began to use the CSF due to its flexibility in allowing for agility across multiple business functions.

In the next chapter, we will dive deeper into the CSF and review the framework core, tiers, and profiles. We will then look at how to evaluate and reduce risk. More...

References

  1. Cybersecurity Framework Success StoryLower Colorado River Authority:

    https://www.nist.gov/system/files/documents/2021/10/26/LCRA%20CSF%20Success%20Story_Comments%20Incorporated%5B53%5D.pdf

  2. Cybersecurity Framework Success StoryUniversity of Chicago Biological Sciences Division:

    https://www.nist.gov/system/files/documents/2020/07/23/University%20of%20Chicago%20Success%20Story%20062920%20508.pdf

Left arrow icon Right arrow icon

Key benefits

  • Leverage the NIST Cybersecurity Framework to align your program with best practices
  • Gain an in-depth understanding of the framework's functions, tiering, and controls
  • Conduct assessments using the framework to evaluate your current posture and develop a strategic roadmap
  • Purchase of the print or Kindle book includes a free PDF eBook

Description

Discover what makes the NIST Cybersecurity Framework (CSF) pivotal for both public and private institutions seeking robust cybersecurity solutions with this comprehensive guide to implementing the CSF, updated to cover the latest release, version 2.0. This book will get you acquainted with the framework’s history, fundamentals, and functions, including governance, protection, detection, response, and recovery. You’ll also explore risk management processes, policy development, and the implementation of standards and procedures. Through detailed case studies and success stories, you’ll find out about all of the practical applications of the framework in various organizations and be guided through key topics such as supply chain risk management, continuous monitoring, incident response, and recovery planning. You’ll see how the NIST framework enables you to identify and reduce cyber risk by locating it and developing project plans to either mitigate, accept, transfer, or reject the risk. By the end of this book, you’ll have developed the skills needed to strengthen your organization’s cybersecurity defenses by measuring its cybersecurity program, building a strategic roadmap, and aligning the business with best practices.

Who is this book for?

This book is for beginners passionate about cybersecurity and eager to learn more about frameworks and governance. A basic understanding of cybersecurity concepts will be helpful to get the best out of the book.

What you will learn

  • Understand the structure and core functions of NIST CSF 2.0
  • Evaluate implementation tiers and profiles for tailored cybersecurity strategies
  • Apply enterprise risk management and cybersecurity supply chain risk management principles
  • Master methods to assess and mitigate cybersecurity risks effectively within your organization
  • Gain insights into developing comprehensive policies, standards, and procedures to support your cybersecurity initiatives
  • Develop techniques for conducting thorough cybersecurity assessments

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Oct 31, 2024
Length: 182 pages
Edition : 1st
Language : English
ISBN-13 : 9781835463079
Category :
Concepts :

What do you get with a Packt Subscription?

Free for first 7 days. ₹800 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing

Product Details

Publication date : Oct 31, 2024
Length: 182 pages
Edition : 1st
Language : English
ISBN-13 : 9781835463079
Category :
Concepts :

Packt Subscriptions

See our plans and pricing
Modal Close icon
₹800 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
₹4500 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just ₹400 each
Feature tick icon Exclusive print discounts
₹5000 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just ₹400 each
Feature tick icon Exclusive print discounts
Banner background image

Table of Contents

16 Chapters
Part 1:Why Select the NIST Cybersecurity Framework? Chevron down icon Chevron up icon
Chapter 1: Introduction to Cybersecurity Frameworks Chevron down icon Chevron up icon
Chapter 2: NIST Cybersecurity Framework Fundamentals Chevron down icon Chevron up icon
Part 2: NIST Cybersecurity Framework Functions Chevron down icon Chevron up icon
Chapter 3: Govern Chevron down icon Chevron up icon
Chapter 4: Identify Chevron down icon Chevron up icon
Chapter 5: Protect Chevron down icon Chevron up icon
Chapter 6: Detect Chevron down icon Chevron up icon
Chapter 7: Respond Chevron down icon Chevron up icon
Chapter 8: Recover Chevron down icon Chevron up icon
Part 3: Applying the Framework Chevron down icon Chevron up icon
Chapter 9: How to Deal with Cyber Risk Chevron down icon Chevron up icon
Chapter 10: Policies, Standards, and Procedures Chevron down icon Chevron up icon
Chapter 11: Assessment Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is included in a Packt subscription? Chevron down icon Chevron up icon

A subscription provides you with full access to view all Packt and licnesed content online, this includes exclusive access to Early Access titles. Depending on the tier chosen you can also earn credits and discounts to use for owning content

How can I cancel my subscription? Chevron down icon Chevron up icon

To cancel your subscription with us simply go to the account page - found in the top right of the page or at https://subscription.packtpub.com/my-account/subscription - From here you will see the ‘cancel subscription’ button in the grey box with your subscription information in.

What are credits? Chevron down icon Chevron up icon

Credits can be earned from reading 40 section of any title within the payment cycle - a month starting from the day of subscription payment. You also earn a Credit every month if you subscribe to our annual or 18 month plans. Credits can be used to buy books DRM free, the same way that you would pay for a book. Your credits can be found in the subscription homepage - subscription.packtpub.com - clicking on ‘the my’ library dropdown and selecting ‘credits’.

What happens if an Early Access Course is cancelled? Chevron down icon Chevron up icon

Projects are rarely cancelled, but sometimes it's unavoidable. If an Early Access course is cancelled or excessively delayed, you can exchange your purchase for another course. For further details, please contact us here.

Where can I send feedback about an Early Access title? Chevron down icon Chevron up icon

If you have any feedback about the product you're reading, or Early Access in general, then please fill out a contact form here and we'll make sure the feedback gets to the right team. 

Can I download the code files for Early Access titles? Chevron down icon Chevron up icon

We try to ensure that all books in Early Access have code available to use, download, and fork on GitHub. This helps us be more agile in the development of the book, and helps keep the often changing code base of new versions and new technologies as up to date as possible. Unfortunately, however, there will be rare cases when it is not possible for us to have downloadable code samples available until publication.

When we publish the book, the code files will also be available to download from the Packt website.

How accurate is the publication date? Chevron down icon Chevron up icon

The publication date is as accurate as we can be at any point in the project. Unfortunately, delays can happen. Often those delays are out of our control, such as changes to the technology code base or delays in the tech release. We do our best to give you an accurate estimate of the publication date at any given time, and as more chapters are delivered, the more accurate the delivery date will become.

How will I know when new chapters are ready? Chevron down icon Chevron up icon

We'll let you know every time there has been an update to a course that you've bought in Early Access. You'll get an email to let you know there has been a new chapter, or a change to a previous chapter. The new chapters are automatically added to your account, so you can also check back there any time you're ready and download or read them online.

I am a Packt subscriber, do I get Early Access? Chevron down icon Chevron up icon

Yes, all Early Access content is fully available through your subscription. You will need to have a paid for or active trial subscription in order to access all titles.

How is Early Access delivered? Chevron down icon Chevron up icon

Early Access is currently only available as a PDF or through our online reader. As we make changes or add new chapters, the files in your Packt account will be updated so you can download them again or view them online immediately.

How do I buy Early Access content? Chevron down icon Chevron up icon

Early Access is a way of us getting our content to you quicker, but the method of buying the Early Access course is still the same. Just find the course you want to buy, go through the check-out steps, and you’ll get a confirmation email from us with information and a link to the relevant Early Access courses.

What is Early Access? Chevron down icon Chevron up icon

Keeping up to date with the latest technology is difficult; new versions, new frameworks, new techniques. This feature gives you a head-start to our content, as it's being created. With Early Access you'll receive each chapter as it's written, and get regular updates throughout the product's development, as well as the final course as soon as it's ready.We created Early Access as a means of giving you the information you need, as soon as it's available. As we go through the process of developing a course, 99% of it can be ready but we can't publish until that last 1% falls in to place. Early Access helps to unlock the potential of our content early, to help you start your learning when you need it most. You not only get access to every chapter as it's delivered, edited, and updated, but you'll also get the finalized, DRM-free product to download in any format you want when it's published. As a member of Packt, you'll also be eligible for our exclusive offers, including a free course every day, and discounts on new and popular titles.