
Describe in brief the stages of the NIST Cybersecurity framework. How does imple


Question

Describe in brief the stages of the NIST Cybersecurity framework. How does implementing risk management frameworks, like the NIST Cybersecurity Framework, help to reduce risk within an organization? Describe a mechanism to build cybersecurity awareness within a healthcare organization.

Explanation / Answer

The five stages of the NIST Cybersecurity Framework are:

Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include: Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.

Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.

Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes.

Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event. The Respond Function supports the ability to contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements.

Recover – Develop and implement the suitable activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity event. Examples of outcome Categories within this Function include: Recovery Planning; Improvements; and Communications.

How does implementing risk management frameworks, like the NIST Cybersecurity Framework, help to reduce risk within an organization?

The Framework provides an assessment mechanism that enables organizations to determine their current cybersecurity capabilities, set individual goals for a target state, and establish a plan for improving and maintaining cybersecurity programs.

The framework will deliver ancillary benefits that include effective collaboration and communication of security posture with executives and industry organizations, as well as potential future improvements in legal exposure and even assistance with regulatory compliance.

The framework can be used as a business requirement for companies that provide services to critical infrastructure owners, operators, and providers. For example, an organization deemed to be a critical infrastructure provider that adopts the framework shall require that its vendors and suppliers achieve the same Implementation Tier ranking. Doing so will help the organization protect itself from a potential weak link in its supply chain.

An organization may conduct self-assessments based on the framework to better understand its risk-based cybersecurity posture in order to be prepared should future requests for proposals (RFPs) and partnerships require some level of implementation with the Framework.

In an environment where cyber threat information is not readily available, organizations struggle with understanding how much security is enough security, leading to organizations implementing unnecessary cybersecurity protections. Through the use of the NIST Framework, standards for care can be established for each critical infrastructure. Organizations can leverage these standards to determine the appropriate level of security protections required, ensuring efficient utilization of security budgets.

Organizations that adopt the framework at the highest possible risk-tolerance level will be better positioned to comply with future cybersecurity and data privacy regulations.

Describe a mechanism to build cybersecurity awareness within a healthcare organization.

The mechanisms are:

1. Define and streamline leadership, governance and expectations for health care industry cybersecurity.

2. Increase security and resilience of medical devices and health information technology.

3. Develop the health care workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities.

4. Increase health care industry readiness through improved cybersecurity awareness and education.

5. Identify mechanisms to protect research and development efforts and intellectual property from attacks or exposure.

6. Improve information-sharing of industry threats, risks and mitigations.