Unit 1 - NIST CSWP 29 Flashcards
What does the NIST Cybersecurity Framework (CSF) 2.0 provide guidance on?
Managing cybersecurity risks
It offers a taxonomy of high-level cybersecurity outcomes for organizations of all sizes and sectors.
What are the primary components of the CSF 2.0?
- CSF Core
- CSF Organizational Profiles
- CSF Tiers
Each component serves a unique purpose in managing cybersecurity risks.
Who is the primary audience for the CSF?
Individuals responsible for developing and leading cybersecurity programs
It can also be used by executives, boards, risk managers, and policymakers.
True or False: The CSF prescribes specific outcomes and how they should be achieved.
False
The CSF links to resources for additional guidance but does not prescribe methods.
What is the purpose of CSF Organizational Profiles?
To describe an organization’s current and/or target cybersecurity posture
They relate to the outcomes defined in the CSF Core.
What are the CSF Functions?
- GOVERN
- IDENTIFY
- PROTECT
- DETECT
- RESPOND
- RECOVER
These Functions organize cybersecurity outcomes at the highest level.
Fill in the blank: The CSF Core is a taxonomy of high-level cybersecurity _______.
outcomes
It helps organizations manage their cybersecurity risks.
What does the GOVERN Function focus on?
Establishing, communicating, and monitoring the cybersecurity risk management strategy
It also addresses policy and oversight of cybersecurity strategy.
What does the IDENTIFY Function entail?
Understanding the organization’s current cybersecurity risks
This includes identifying assets and related cybersecurity risks.
What is the role of the PROTECT Function?
To implement safeguards to manage cybersecurity risks
This includes identity management, data security, and platform security.
What does DETECT refer to in the CSF?
The ability to find and analyze possible cybersecurity attacks and compromises
It supports incident response and recovery activities.
What actions does the RESPOND Function cover?
Actions taken regarding a detected cybersecurity incident
This includes incident management and communication.
What is the aim of the RECOVER Function?
To restore assets and operations affected by a cybersecurity incident
This helps reduce the effects of incidents and enables effective communication during recovery.
True or False: The CSF is designed to be a one-size-fits-all approach.
False
Organizations have unique risks and varying risk appetites, necessitating tailored implementations.
What are Informative References in the context of the CSF?
Sources of guidance on each outcome from existing global standards, guidelines, frameworks, regulations, and policies
They support organizations in achieving cybersecurity outcomes.
What do Implementation Examples illustrate?
Potential ways to achieve each outcome within the CSF
They help organizations understand practical applications of the framework.
Fill in the blank: The CSF is designed to be used by organizations of all _______ and sectors.
sizes
This includes industry, government, academia, and nonprofit organizations.
What is the significance of the Cybersecurity Framework (CSF) 2.0?
It helps organizations manage and reduce their cybersecurity risks
It is useful regardless of the maturity level of an organization’s cybersecurity programs.
What is the relationship between the CSF and enterprise risk management (ERM)?
The CSF is integrated into the broader ERM strategy
It addresses cybersecurity alongside other risks like financial and reputational risks.
What are potential benefits of actions to reduce cybersecurity risk for an organization?
Increasing revenue
For example, offering excess facility space to a commercial hosting provider.
What does the NIST Cybersecurity Framework (CSF) Functions diagram represent?
A wheel showing the interrelation of CSF Functions.
What is the role of the GOVERN Function in the CSF?
It informs how an organization will implement the other five Functions.
What are the five main Functions of the NIST Cybersecurity Framework?
- GOVERN
- IDENTIFY
- PROTECT
- DETECT
- RESPOND
- RECOVER
True or False: Actions supporting GOVERN, IDENTIFY, PROTECT, and DETECT should occur continuously.
True
What do CSF Profiles describe?
An organization’s current and/or target cybersecurity posture.
What is a Current Profile in the context of CSF Profiles?
Specifies the Core outcomes that an organization is currently achieving.
What does a Target Profile specify?
Desired outcomes prioritized for cybersecurity risk management objectives.
What is a Community Profile?
A baseline of CSF outcomes addressing shared interests among organizations.
List the steps to create and use a CSF Organizational Profile.
- Scope the Organizational Profile
- Gather needed information
- Create the Organizational Profile
- Analyze gaps and create an action plan
- Implement the action plan and update the Profile
What are CSF Tiers used for?
Characterizing the rigor of an organization’s cybersecurity risk governance.
What are the four Tiers in the NIST Cybersecurity Framework?
- Partial (Tier 1)
- Risk Informed (Tier 2)
- Repeatable (Tier 3)
- Adaptive (Tier 4)
Fill in the blank: The CSF provides a basis for improved _______ regarding cybersecurity expectations.
[risk management communication]
What types of online resources supplement the CSF?
- Informative References
- Implementation Examples
- Quick Start Guides
What are Informative References?
Mappings indicating relationships between the Core and various standards.
What do Implementation Examples provide?
Concise, action-oriented steps to achieve the outcomes of Subcategories.
What is the purpose of Quick Start Guides (QSGs)?
To provide actionable first steps for implementing the CSF.
How does the CSF improve risk management communication?
By fostering bidirectional information flow between executives and managers.
What types of ICT risk can organizations face?
- Privacy
- Supply chain
- Artificial intelligence
How can organizations integrate cybersecurity with other risk management programs?
By using Enterprise Risk Management (ERM) approaches.
What resources describe the relationship between cybersecurity risk management and ERM?
- NIST Cybersecurity Framework 2.0 – Enterprise Risk Management Quick-Start Guide
- NIST IR 8286 series
What is the purpose of NIST Interagency Report (IR) 8286?
Integrating Cybersecurity and Enterprise Risk Management (ERM)
IR 8286 consists of several parts, including identifying, estimating, prioritizing, and staging cybersecurity risks.
What does the NIST Cybersecurity Framework (CSF) help organizations with?
Integrating cybersecurity risk management with individual ICT risk management programs
This includes programs like SP 800-37 and SP 800-30.
How does the CSF relate to privacy risks?
It helps address privacy risks related to the loss of confidentiality, integrity, and availability of individuals’ data
Examples include data breaches leading to identity theft.
What is Cybersecurity Supply Chain Risk Management (C-SCRM)?
A systematic process for managing exposure to cybersecurity risk throughout supply chains
It includes developing appropriate response strategies, policies, and procedures.
What are the key components of the NIST CSF Core?
Functions, Categories, and Subcategories
These components help organizations in managing their cybersecurity risks.
Fill in the blank: The organizational mission is understood and informs _______.
cybersecurity risk management
What does the category ‘Govern’ (GV) in the CSF include?
Organizational Context, Risk Management Strategy, Roles, Responsibilities, and Authorities, Policy, Oversight, Cybersecurity Supply Chain Risk Management
Each component has specific identifiers for tracking.
What is the role of ‘Identify’ (ID) in the CSF?
Understanding the organization’s current cybersecurity risks
This includes asset management and risk assessment.
True or False: Privacy risks can only arise from cybersecurity incidents.
False
Privacy risks can also arise from data processing unrelated to cybersecurity.
What does the ‘Protect’ (PR) function focus on?
Using safeguards to manage the organization’s cybersecurity risks
This includes identity management and data security.
What is the significance of the NIST Artificial Intelligence Risk Management Framework (AI RMF)?
Helps address cybersecurity and privacy risks associated with AI
AI risks are treated alongside other enterprise risks.
What does the ‘Recover’ (RC) function in the CSF entail?
Incident Recovery Plan Execution and Incident Recovery Communication
This function ensures that organizations can recover from incidents.
What is the purpose of the NIST Privacy Framework?
To address different aspects of cybersecurity and privacy risks
It works alongside the NIST Cybersecurity Framework.
Fill in the blank: Cybersecurity roles and responsibilities for suppliers, customers, and partners are established and _______.
communicated
What is the focus of the ‘Detect’ (DE) function in the CSF?
Continuous Monitoring and Adverse Event Analysis
This function helps organizations identify cybersecurity incidents.
What does the ‘Incident Management’ (RS.MA) subcategory involve?
Managing incidents effectively to mitigate impacts
It is part of the ‘Respond’ (RS) function.
What is the goal of ‘Risk Assessment’ (ID.RA) in the CSF?
Understanding the cybersecurity risk to the organization, assets, and individuals
This includes identifying vulnerabilities and potential impacts.
True or False: The CSF is only applicable to large organizations.
False
The CSF is applicable to organizations of all sizes.
What does ‘Awareness and Training’ (PR.AT) ensure?
Personnel possess the knowledge and skills to perform cybersecurity tasks
Training is essential for effective risk management.
What are access permissions, entitlements, and authorizations defined in?
A policy
These are managed, enforced, and reviewed while incorporating the principles of least privilege and separation of duties.
What is the purpose of awareness and training (PR.AT) in cybersecurity?
To provide personnel with cybersecurity awareness and training
This ensures they can perform their cybersecurity-related tasks effectively.
What does PR.AT-01 focus on?
Providing personnel with awareness and training for general cybersecurity tasks
This includes understanding cybersecurity risks.
What is the aim of PR.DS in data security?
To manage data consistent with the organization’s risk strategy
This protects the confidentiality, integrity, and availability of information.
What does PR.DS-01 protect?
The confidentiality, integrity, and availability of data-at-rest
What does PR.PS stand for?
Platform Security
It involves managing hardware, software, and services to protect their confidentiality, integrity, and availability.
What is the purpose of PR.IR?
To manage security architectures with the organization’s risk strategy
This protects asset confidentiality, integrity, and availability.
What does DE.CM encompass in the detect phase?
Continuous monitoring of assets
This is to find anomalies, indicators of compromise, and other potentially adverse events.
What is the focus of DE.AE?
Analyzing anomalies and indicators of compromise
This helps characterize events and detect cybersecurity incidents.
What does RS.MA in the respond phase refer to?
Incident Management
This involves managing responses to detected cybersecurity incidents.
What is the goal of RC.RP in the recovery phase?
To perform restoration activities for operational availability
This is for systems and services affected by cybersecurity incidents.
What does Tier 1 of the CSF Tiers represent?
Partial application of the organizational cybersecurity risk strategy
It indicates ad hoc management and limited awareness of cybersecurity risks.
What characterizes Tier 3 of the CSF Tiers?
Repeatable risk management practices
Policies are formally approved and cybersecurity practices are regularly updated.
What is a CSF Category?
A group of related cybersecurity outcomes
These collectively comprise a CSF Function.
Define CSF Function.
The highest level of organization for cybersecurity outcomes
There are six CSF Functions: Govern, Identify, Protect, Detect, Respond, and Recover.
What does CSF Target Profile specify?
Desired Core outcomes prioritized for achieving cybersecurity objectives
What is the role of CSF Informative Reference?
To map a relationship between a CSF Core outcome and existing standards
This includes guidelines, regulations, or other content.
True or False: The organization adapts its cybersecurity practices based on previous activities.
True
Fill in the blank: CSF __________ is a mechanism for describing an organization’s current and/or target cybersecurity posture.
Organizational Profile
