It covers 5 main functions of a cyber security framework.
Each of these functions is then broken down into categories, and the categories are further subdivided into subcategories.
This is two more than Bruce Schneier, who defines Protect, Detect and Respond.
The basic idea is that you take the categories and analyze them to define your current profile. You then define a target profile and work out action plans and prioritizations to achieve the target profile.
It is not a very long document and much of the useful information is stored in the appendixes. It widely references other public standards.
Application Security
The framework does not have much to say about secure application development. However, it is extensible, so you can add your own categories and subcategories. It does talk about access control, data-at-rest and data-in-transit controls, etc.
The development and testing environment(s) are separate from the production environment
- NIST Press Release