100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
ISC-V1 2024 Regulations, Standards, and Frameworks $7.99   Add to cart

Exam (elaborations)

ISC-V1 2024 Regulations, Standards, and Frameworks

 5 views  0 purchase
  • Course
  • Institution

ISC-V1 2024 Regulations, Standards, and Frameworks

Preview 4 out of 310  pages

  • June 21, 2024
  • 310
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
avatar-seller
ISC


1
Regulations, Standards, and
Frameworks



Module

1 National Institute of Standards and
Technology Frameworks 3

2 Privacy and Data Security Standards 15

3 Center for Internet Security Critical Security Controls:
Part 1 21

4 Center for Internet Security Critical Security Controls:
Part 2 33

5 COBIT 2019 Framework 43

, NOTES




S1–2 © Becker Professional Education Corporation. All rights reserved.

,1
MODULE
National Institute of
Standards and Technology
Frameworks ISC 1




Overview
The application of information technology (IT) in an organization is the systematic
implementation of hardware and software so that data can be transmitted, modified, accessed,
and stored both securely and efficiently. As the field of information science advances, the speed
at which IT devices can perform these tasks has rapidly increased, and organizations must
reevaluate their technology on a regular basis.
Organizations adopt technology to enhance or support business operations, protect digital
records and assets, and safeguard physical assets. This makes the selection and deployment of
management information systems critical to the success of any organization.


1 National Institute of Standards and Technology (NIST)
Cybersecurity Framework (CSF)

1.1 NIST Background
The National Institute of Standards and Technology (NIST) was established in 1901 to remove
barriers to industrial competitiveness and improve access to resources to promote U.S. research
capabilities. In 1995, the NIST branched out into the cybersecurity field with the NIST Special
Publication 800-12, An Introduction to Information Security. To date, three of the most prolific sets
of standardized frameworks promulgated by NIST include the NIST Cybersecurity Framework
(CSF), NIST Privacy Framework, and NIST SP 800-53 Security and Privacy Controls for Information
Systems and Organizations.

1.2 Cybersecurity Framework
Introduction
The NIST Cybersecurity Framework is a voluntary framework that includes three primary
components to manage cybersecurity risk:
1. Framework Core
2. Framework Implementation Tiers
3. Framework Profile




© Becker Professional Education Corporation. All rights reserved. Module 1 National
S1–3Institute of Standards

, 1 National Institute of Standards and Technology Frameworks ISC 1




Tier 1 Tier 2 Tier 3 Tier 4
(Partial) (Risk Informed) (Repeatable) (Adaptive)

CORE TIERS




PROFILE




Source: Reprinted courtesy of the National Institute
of Standards and Technology, U.S. Department of
Commerce. Not copyrightable in the United States.


1.2.1 Framework Core
The NIST CSF was a legislative imperative for NIST aimed at developing a set of plain language
controls for the protection of critical IT infrastructure. Specifically, the focus of the NIST CSF is
to develop a program to identify, assess, and manage cybersecurity risks in a cost-effective and
repeatable manner.
The framework core consists of five areas of focus, or functions, which represent different points
in the security risk management life cycle that help enhance cybersecurity protection. These
components are not ordered steps; they are functions that should be performed concurrently.
The five components are Identify, Protect, Detect, Respond, and Recover.
1. Identify: This function focuses on creating canonical records of the assets an organization
uses to support information processing operations, users who are both internal and
external to an organization, and systems.
2. Protect: This function focuses on safeguards and access controls to networks, applications,
and other devices deployed as well as regular updates to security software, including
encryption for sensitive information, data backups, plans for disposing of files or unused
devices, and training for those with access to a company's network.
3. Detect: This function identifies the tools and resources needed to detect active
cybersecurity attacks, which includes monitoring network access points, user devices,
unauthorized personnel access, and high-risk employee behavior or the use of high-risk
devices.
4. Respond: This function outlines how a company should contain a cybersecurity event, react
using planned responses that mitigate losses, and notify all affected parties.
5. Recover: This function focuses on supporting the restoration of a company's network to
normal operations through repairing equipment, restoring backed up files or environments,
and positioning employees to rebound with the right response.




S1–4 Module 1 National
© Becker InstituteEducation
Professional of Standards and Technology
Corporation. Frameworks
All rights reserved.

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller ACTUALSTUDY. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $7.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

66579 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$7.99
  • (0)
  Add to cart