A1 M1 Flashcards
National Institute of Standards & Tech Frameworks
List the 3 primary components of the NIST Cybersecurity Framework.
Core
Tiers
Organizational Profiles
NIST CSF Core
describes cybersecurity outcomes that can be used to reduce cybersecurity risks
List the 6 functions of the CSF Core.
Govern
Identify
Protect
Detect
Respond
Recover
Function that establishes, communicates, & monitors the organization’s cybersecurity risk management strategy, expectations, & policy (oversight of others)
Govern
Function that focuses on understanding the assets & suppliers of an organization & the related cybersecurity risks
Identify
Function that focuses on an organization’s ability to secure its assets to prevent or reduce the likelihood & impact of adverse cybersecurity events
Protect
Function that focuses on the timely discovery of cybersecurity attacks & incidents
Detect
Function that focuses on a company’s ability to contain the effects of cybersecurity incidents
Respond
Function that focuses on supporting the timely restoration of a company’s normal operations to reduce the impact of cybersecurity incidents & communicate recovery efforts
Recover
A measure of an organization’s information security infrastructure sophistication
CSF Tiers
Determine success or failure of information security implementation
CSF Organizational Profiles
List the 4 CSF Tiers.
1 Partial
2 Risk-informed
3 Repeatable
4 Adaptive
Profile that specifies the outcome that an organization is achieving based on current cybersecurity posture
Current
Profile that specifies the desired outcome that an organization has prioritized achieving
Target
Profiles that are baseline outcomes developed among a number of organizations due to the shared interest & goals of a particular industry, sector, topic, or use case
Community