NIST Framework Notes

Question 1

What are the 3 components of the NIST Framework?

Answer 1

Framework Core, Implementation Tiers, and Framework Profiles

Question 2

Framework Core

Answer 2

Outlines the risk and the outcomes

Question 3

Implementation Tier

Answer 3

Outlines how cybersecurity risk is managed by an organization.

Question 4

Framework Profiles

Answer 4

Helps organizations outline how they are going to implement cybersecurity outcomes

Question 5

Framework CORE Functions

Answer 5

Identify, Protect, Detect, Respond, and Recover

Question 6

Identify Categories

Answer 6

Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy, and Supply Chain Risk Management.

Question 7

Protect Categories

Answer 7

Identity Management & Access Control, Awareness Training, Data Security, Information Protection Processes and Procedures, Maintenance, and Protective Technology.

Question 8

Detect Categories

Answer 8

Anomalies and Events, Security/continuous monitoring, and Detection Processes.

Question 9

Respond Categories

Answer 9

Response Planning, Communications, Analysis, Mitigation, and Improvements

Question 10

Recover Categories

Answer 10

Recovery Planning, Improvements, and Communications

Question 11

4 Tiers in NIST Framework

Answer 11

Partial, Risk Informed, Repeatable, and Adaptive

Question 12

Partial Tier 1

Answer 12

Cyber program is ad-hoc

Question 13

Risk-Informed Tier 2

Answer 13

Cyber program is beginning to be informally developed

Question 14

Repeatable Tier 3

Answer 14

Cyber program is defined

Question 15

Adaptive Tier 4

Answer 15

Cyber program is robust and seeks out new threats before they occur

Question 16

Asset Management

Answer 16

Defining the assets that are a part of the organization’s goals and business functions

Question 17

Business Environment

Answer 17

Helps understand the goals of the business.

Question 18

Governance

Answer 18

Identify policies and procedures, and relevant roles/responsibilities of those internal and external of the organization.

Question 19

Risk Assessment

Answer 19

Identifying vulnerabilities

Question 20

Risk Management Strategies

Answer 20

Process and procedures to prevent and detect risk

Question 21

Supply Chain Risk Management

Answer 21

Identifying, Assessing, protecting, and managing our suppliers

Question 22

Identity Management and Authentication

Answer 22

Least Privilege and Trust, but verify.

Question 23

Awareness Training

Answer 23

providing insight into the organization’s initiatives and governance policies

Question 24

Data Security

Answer 24

protecting data at rest, transit, and availability.

Question 25

Information Protection

Answer 25

Confidentiality, Integrity, and availability of data

Question 26

Maintenance

Answer 26

Continuous improvement of processes and how is it protected

Question 27

Protection

Answer 27

WCGW and what are the critical assets that need to be operational

Question 28

Anomalies and Events

Answer 28

establish a network baseline (traffic, etc..). Understand what good looks like.

Question 29

Security and Continous Monitoring

Answer 29

Identifying the baseline and events that don't meet the expected criteria

Question 30

Detection Processes

Answer 30

Identifying roles and responsibilities for detecting events

Question 31

Response Planning

Answer 31

Identify policies and procedures for events

Question 32

Communications

Answer 32

Identify the person responsible and who needs to be informed. Make sure incidents are reported based on policies

Question 33

Analysis

Answer 33

Take a closer look on what caused the incident or investigate incidents to gain assurance on the impact.

Question 34

Mitigation

Answer 34

Limit the impact of an incident and remediate

Question 35

Improvements

Answer 35

Understand what caused issues and build a plan to improve (Lessons learned).

Question 36

Recovery Planning

Answer 36

Make sure plans are executed during and after incidents