NIST Cybersecurity Framework (CSF) and ISO/IEC 27001

close up view of system hacking
This entry is part 2 of 3 in the series Cyber Security Frameworks

Views: 3NIST Cybersecurity Framework (CSF) and ISO/IEC 27001 NIST CSF Functions and Categories to ISO/IEC 27001 Annex A Controls Identify (ID) Protect (PR) Detect (DE) Respond (RS) Recover (RC) NIST SP 800-53 to ISO/IEC 27001 Annex A Controls Access Control (AC) Awareness and Training (AT) Audit and Accountability (AU) Security Assessment and Authorization (CA) Configuration … Read more

NIST Cybersecurity Framework v1.1: Fundamentals

Views: 26NIST Functions Framework Core The Core consists of three parts: Functions, Categories, and Subcategories. The Core includes five high level functions: Identify, Protect, Detect, Respond, and Recover.  These 5 functions are not only applicable to cybersecurity risk management, but also to risk management at large.  The next level down is the 23 Categories that are split … Read more

Incident Handling Life Cycle

This entry is part 1 of 13 in the series Incident Response and Forensics

Views: 13NIST – Security Incident Handling 1. Preparation The preparation phase covers the readiness of an organization against an attack. That means documenting the requirements, defining the policies, incorporating the security controls to monitor like EDR / SIEM / IDS / IPS, etc. It also includes hiring/training the staff. 2. Detection and Analysis The detection phase covers … Read more

Risk Management – Terminology

Views: 20Risk Avoidance Risk Acceptance Risk Reduction Basic Terminology Threat A threat is a potential harm or danger to an individual, organisation, or system. Threats can be classified into three main categories: human-made, technical, or natural. Human-made threats: These threats are caused by human activities or interventions. Examples include: As can be seen, human-made threats are not limited to … Read more