MD1: The NIST Cybersecurity Framework Flashcards
Compliance
Compliance is the process of adhering to internal standards and external regulations.
At a high level, maintaining trust, reputation, safety, and the integrity of your data are just a few reasons to be concerned about compliance. Fines, penalties, and lawsuits are other reasons. This is particularly true for companies in highly regulated industries, like health care, energy, and finance. Being out of compliance with a regulation can cause long-lasting financial and reputational effects that can seriously impact a business.
Regulations
Regulations are rules set by a government or other authority to control the way something is done. Like policies, regulations exist to protect people and their information, but on a larger scale. Compliance can be a complex process because of the many regulations that exist all around the world. For our purpose, we’re going to focus on one framework for security compliance, the U.S.-based NIST Cybersecurity Framework.
The National Institute of Standards and Technology, or NIST
One of the primary roles of NIST is to openly provide companies with a set of frameworks and security standards that reflect key security-related regulations. The NIST Cybersecurity Framework is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk. Commonly known as the CSF, this framework was developed to help businesses secure one of their most important assets: information. The CSF consists of three main components:
- the core,
- its tiers, and
- its profiles.
NIST
- Core
The core is basically a simplified version of the functions, or duties, of a security plan. The CSF core identifies five broad functions: identify, protect, detect, respond, and recover. Think of these categories of the core as a security checklist.
NIST
- Tiers
After the core, the next NIST component we’ll discuss is its tiers. These provide security teams with a way to measure performance across each of the five functions of the core. Tiers range from Level-1 to Level-4. Level-1, or passive, indicates a function is reaching bare minimum standards. Level-4, or adaptive, is an indication that a function is being performed at an exemplary standard. You may have noticed that CSF tiers aren’t a yes-or-no proposition; instead, there’s a range of values. That’s because tiers are designed as a way of showing organizations what is and isn’t working with their security plans.
NIST
- Profiles
Profiles are the final component of the CSF. These provide insight into the current state of a security plan. One way to think of profiles is like photos capturing a moment in time. Comparing photos of the same subject taken at different times can provide useful insights. For example, without these photos, you might not notice how a tree has changed. It’s the same with NIST profiles.