Tips for implementing NIST, a framework that encompasses best practices in cybersecurity.


With this framework, companies can implement adequate security controls and timely, effective security governance.
When preparing and organizing security governance, it is essential to apply the guides across every phase: assessment, planning, risk management, application of controls, and evaluation of the effectiveness of security and of the controls themselves.

Companies should conduct a risk assessment. The guide explains how to perform each step of the risk assessment process, including preparing for the assessment, reporting the assessment results and maintaining the assessment. It also supports the integration of the risk assessment with other organizational processes, so that information is exchanged between all of them.

The guides support the organization's processes for identifying possible risk factors and for determining whether risks have risen to unacceptable levels and whether a different course of action must be taken.

Disaster Planning for Information Systems provides a set of specific disaster planning recommendations for three types of platforms (client/server, telecommunication systems, and mainframe systems), together with strategies and techniques common to all systems. Through its instructions, recommendations and considerations, the guide lays out a step-by-step contingency planning process that an organization can use to develop and maintain a viable contingency planning program for its deployed information systems.

The module for applying the IT systems risk management framework provides guidelines for applying the Risk Management Framework, including the activities of security categorization, selection and implementation of security controls, security control assessment, authorization of the information system, and security control monitoring.

The module provides guidelines for selecting security controls for organizations and government information systems; the guidelines apply to all components of information systems that process, store or transmit federal information. The publication provides a set of information security program management (PM) controls that are typically implemented at the organization level and are not directed at individual government information systems. It also provides a set of privacy controls, based on international standards and best practices, that help organizations enforce requirements stemming from federal directives, policies, regulations and standards.

The controls module provides guidelines for building effective security and privacy assessment plans, used to assess the effectiveness of the security and privacy controls deployed in information systems and organizations.

The standard is used to:

  • Enhance resilience against the ever-changing threat landscape;
  • Enable compliance with major information security standards;
  • Validate information security provisions with external suppliers;
  • Provide a basis for information risk assessment;
  • Form a basis for standard policies and procedures;
  • Increase awareness of information security;
  • Develop or improve information security in response to changing threats.

The NIST framework contains standards and modules that support security activities, including:

  • 800-30 Risk Assessment
  • 800-34 Contingency Planning
  • 800-37 RMF (Risk Management Framework)
  • 800-39 Risk Management (InfoSec)
  • 800-53 Security Controls
  • 800-53A Audit
  • 800-55 Performance Metrics
  • 800-40 Patch Management

Author: Alberto P.
Founder
Alberto has been working in cyber security and information security for 20 years and is currently CISO of a financial and technology group. He has developed cyber security and artificial intelligence technology projects as R&D, and has also cooperated with universities on projects based on blockchain and IT security.