It covers 5 main functions of a cyber security framework.
- Identify
- Protect
- Detect
- Respond
- Recover
Each of these functions is then broken down into categories, and the categories are further subdivided into subcategories.
This is two more than Bruce Schneier, who defines Protect, Detect and Respond.
The basic idea is that you take the categories and analyze them to define your current profile. You then define a target profile and work out action plans and prioritizations to achieve the target profile.
It is not a very long document and much of the useful information is stored in the appendixes. It widely references other public standards.
Application Security
The framework does not have much to say about secure application development. However, it is extensible, so you can add in your own categories and subcategories. It does talk about access control, data-at-rest and data-in-transit controls, etc. PR.DS-7 says:
The development and testing environment(s) are separate from the production environment
Useful Links
- NIST Press Release
- http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
Thanks first of all for the useful info. The idea in this article is quite different and innovative; please update more.
you already have. Like most organisations, you are probably using a mixture of Microsoft Office versions office 365
Useful document