NIST CYBERSECURITY FRAMEWORK (CSF)
SLE - Single Loss Expectancy = AV * EF (Asset Value x Exposure Factor, the fraction of the asset lost in one incident)
ALE - Annual Loss Expectancy = SLE * ARO (Annualized Rate of Occurrence, expected incidents per year)
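A worked version of these two formulas, added here as an example and not part of the original notes. It runs the arithmetic over a small constructed risk register, ranks the risks by ALE, and goes one step beyond the notes by pricing a control (full-disk encryption) against the ALE it removes; every figure below is made up for illustration.

```python
"""Quantitative risk arithmetic: SLE = AV * EF and ALE = SLE * ARO.

Added example for these notes; the register below is constructed sample
data, not figures from any real assessment."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # AV: value of the asset (currency units)
    exposure_factor: float  # EF: fraction of AV lost in one incident, 0.0..1.0
    aro: float              # ARO: expected number of incidents per year

    def sle(self) -> float:
        """Single Loss Expectancy = Asset Value * Exposure Factor."""
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError(f"{self.name}: EF must be between 0 and 1")
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annual Loss Expectancy = SLE * Annualized Rate of Occurrence."""
        return self.sle() * self.aro


def rank_by_ale(risks: list[Risk]) -> list[str]:
    """Names of the risks, highest ALE first: the order in which to spend budget."""
    return [r.name for r in sorted(risks, key=Risk.ale, reverse=True)]


def control_value(before: Risk, after: Risk, annual_control_cost: float) -> float:
    """Net annual value of a safeguard (one step beyond the notes):
    ALE without the control - ALE with it - what the control costs per year.
    Positive means the control is cheaper than the loss it prevents."""
    return before.ale() - after.ale() - annual_control_cost


# Constructed sample risk register.
RISKS = [
    Risk("ransomware on file server", asset_value=500_000, exposure_factor=0.6, aro=0.2),
    Risk("laptop theft, unencrypted disk", asset_value=50_000, exposure_factor=1.0, aro=2.0),
    Risk("web app defacement", asset_value=200_000, exposure_factor=0.1, aro=0.5),
]

# Full-disk encryption: the data is no longer exposed, only the hardware (EF 1.0 -> 0.1).
LAPTOP_ENCRYPTED = Risk("laptop theft, encrypted disk", asset_value=50_000,
                        exposure_factor=0.1, aro=2.0)
FDE_ANNUAL_COST = 15_000  # constructed licence-plus-support figure

if __name__ == "__main__":
    for r in RISKS:
        print(f"{r.name:34s} SLE={r.sle():>10,.0f}  ALE={r.ale():>10,.0f}")
    print("priority:", rank_by_ale(RISKS))
    print("FDE net value per year:", control_value(RISKS[1], LAPTOP_ENCRYPTED, FDE_ANNUAL_COST))
```

Note that the frequent, cheap loss (two stolen laptops a year) outranks the rare, expensive one once both are annualized, which is the point of using ALE rather than SLE to set priorities.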
Firewalls:
- Stateful Inspection Firewalls: track connection state, so inbound packets are admitted only as replies to sessions opened from inside
- Packet Filtering Firewalls: stateless; each packet is judged alone against header rules (source/destination IP, port, protocol)
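To make the difference between the two firewall types concrete, here is a simulation added as an example (not code from any firewall product). The addresses, ports and the "inside may browse HTTPS" policy are constructed. The stateless filter has to admit any inbound packet with source port 443 to let replies through, so an attacker who sets source port 443 gets in; the stateful one only admits traffic belonging to a connection it saw being opened from inside.

```python
"""Packet filtering (stateless) vs stateful inspection, simulated.

Added example for these notes, not code from any firewall product. The
addresses, ports and policy below are constructed for illustration."""
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."  # constructed: the protected LAN


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False  # TCP SYN without ACK: first packet of a new connection


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def stateless_filter(pkt: Packet) -> bool:
    """Packet-filtering firewall: each packet judged alone against header rules.
    Policy: hosts inside may reach any HTTPS server. Because the filter keeps no
    memory, the only way to let replies back in is to admit *every* inbound
    packet whose source port is 443, whether or not anyone asked for it."""
    if is_internal(pkt.src_ip) and pkt.dst_port == 443:
        return True
    if is_internal(pkt.dst_ip) and pkt.src_port == 443:
        return True  # looks like a reply; could equally be an unsolicited probe
    return False


class StatefulFirewall:
    """Stateful inspection: records connections opened from inside and admits
    inbound packets only when they belong to one of those connections."""

    def __init__(self) -> None:
        self.connections: set[tuple[str, int, str, int]] = set()

    def filter(self, pkt: Packet) -> bool:
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if is_internal(pkt.src_ip) and pkt.dst_port == 443:
            if pkt.syn:
                self.connections.add(flow)  # new outbound connection: remember it
            return flow in self.connections
        # Inbound: allowed only as the reverse direction of a tracked connection.
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return reverse in self.connections


# Constructed traffic: a real HTTPS session, then an attacker spoofing source
# port 443 to reach SMB (445) on the same internal host.
TRAFFIC = [
    ("client SYN to web server", Packet("10.0.0.5", 51000, "203.0.113.10", 443, syn=True)),
    ("web server reply", Packet("203.0.113.10", 443, "10.0.0.5", 51000)),
    ("attacker probe, src port 443 -> SMB", Packet("198.51.100.7", 443, "10.0.0.5", 445)),
]


def run_scenario() -> dict[str, tuple[bool, bool]]:
    """Returns {description: (stateless_verdict, stateful_verdict)}; True = allowed."""
    fw = StatefulFirewall()
    return {desc: (stateless_filter(p), fw.filter(p)) for desc, p in TRAFFIC}


if __name__ == "__main__":
    for desc, (stateless, stateful) in run_scenario().items():
        print(f"{desc:40s} stateless={'ALLOW' if stateless else 'DROP':5s} "
              f"stateful={'ALLOW' if stateful else 'DROP'}")
```

Real stateful firewalls also expire table entries, track TCP flag sequences and handle UDP/ICMP "pseudo-connections"; the single-table model here is enough to show why the probe in the third packet gets through one firewall and not the other.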
CSF (Cybersecurity Framework)
The CSF is a structured approach to managing and reducing cybersecurity risk, developed by the National Institute of Standards and Technology (NIST) to help organizations of all sizes and sectors improve their cybersecurity posture. Version 1.0 was released in 2014 and version 1.1 in 2018; CSF 2.0 (2024) added a sixth function, Govern, to the five listed below. It is especially popular in the U.S. as a foundational framework for cybersecurity programs, often used alongside other frameworks such as ISO 27001 or the CIS Controls.
Key Components of NIST CSF:
The CSF is organized into core functions that guide organizations in managing cybersecurity risk; the five functions of CSF 1.1 are:
- Identify:
- What assets need protection, what is specific about the environment, how people are managed, and risk assessment (threats and vulnerabilities). Understand which functions are mission critical.
- Focuses on understanding and managing cybersecurity risks to systems, people, assets, and data.
- Activities include identifying critical assets, the business environment, governance structure, risk assessment, and the risk management strategy. Analogy: first responder.
- Protect:
- Establish access control, awareness training for people, and data security and information protection. The incident response plan should be written at this stage, before an incident occurs, even though it is executed under Respond.
- Outlines safeguards necessary to ensure the delivery of critical services.
- Controls include identity management, access control, training, data protection, and maintenance to prevent or limit the impact of cyber incidents. Analogy: tourniquet.
- Detect:
- Establishes the capabilities to identify cybersecurity events promptly.
- Key activities include continuous monitoring, anomaly detection, security testing, and incident detection to recognize threats early. Analogy: ambulance assessment and treatment. A typical setup places an IDS out of band, on a SPAN/mirror port or network tap where it sees a copy of the traffic, while an IPS sits inline in the main traffic path so that it can block an intrusion as it happens.
- IDS (Intrusion Detection System) is a security technology used to detect unauthorized or malicious activities on a network or host system. It monitors traffic and system activities, analyzing patterns that may indicate security incidents or policy violations, and alerts administrators to potential threats.
- IDS vs. IPS:
- IDS (Intrusion Detection System): Detects and alerts on potential attacks, but does not actively block or mitigate them.
- IPS (Intrusion Prevention System): Similar to IDS but actively takes action to block or contain threats in real-time.
- Tools:
- Snort: open-source IDPS (Intrusion Detection and Prevention System); the same engine runs as a passive IDS or an inline IPS depending on how it is deployed.
- Wireshark: packet sniffer/analyzer for capturing and inspecting traffic by hand. It is an analysis aid, not an automated detection or blocking control, so counting it as prevention is a reach.
- SOAR (Security Orchestration, Automation, and Response): automates incident-response playbooks (alert enrichment, ticketing, containment actions). Usually pretty pricey.
- EDR (Endpoint Detection and Response): e.g. Microsoft Defender for Endpoint (the EDR product; the built-in Windows Defender antivirus is not by itself EDR).
- XDR (Extended Detection and Response): EDR extended to correlate telemetry across endpoints, network, identity, email and cloud.
- Respond:
- Provides a roadmap for responding to detected cybersecurity incidents.
- Steps include developing an incident response plan, communication protocols, containment, and mitigation processes to minimize damage during an attack. Analogy: ER triage.
- Recover:
- Focuses on resilience and restoring services after a cybersecurity incident.
- Activities include recovery planning, communications (including public relations), and improvements to processes and policies to prevent a repeat. Analogy: physical therapy.
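The IDS-versus-IPS distinction from the Detect function above, shown as a simulation added here as an example (not Snort code or any part of the original notes). Both sensors run the same signature matching; the IDS inspects a copy of the traffic and can only alert, while the inline IPS drops what it matches. The signatures are toy regexes written in the spirit of IDS rules and the requests are constructed.

```python
"""IDS (out of band, alert only) vs IPS (inline, can drop), simulated.

Added example for these notes, not Snort code. The signatures are toy
regexes in the spirit of IDS rules, and the traffic is constructed."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    src: str
    payload: str  # request line as the sensor sees it


# Constructed toy signatures; real rulesets (e.g. the Snort community rules) are far larger.
SIGNATURES = {
    "sql-injection tautology": re.compile(r"'\s*or\s+'?1'?\s*=\s*'?1", re.IGNORECASE),
    "directory traversal": re.compile(r"\.\./\.\./"),
}

Alert = tuple[str, list[str]]  # (source address, names of matching signatures)


def inspect(req: Request) -> list[str]:
    """Signature matching shared by both sensor types."""
    return [name for name, rx in SIGNATURES.items() if rx.search(req.payload)]


def ids_pass(traffic: list[Request]) -> tuple[list[Alert], list[Request]]:
    """IDS on a SPAN/mirror port or tap: inspects a copy of the traffic.
    Every request still reaches the server; the sensor can only raise alerts."""
    alerts: list[Alert] = []
    for r in traffic:
        hits = inspect(r)
        if hits:
            alerts.append((r.src, hits))
    delivered = list(traffic)  # unchanged: detection never touches the live path
    return alerts, delivered


def ips_pass(traffic: list[Request]) -> tuple[list[Alert], list[Request]]:
    """IPS inline in the main traffic path: same detection, but a match is dropped
    before delivery. The price is that a false positive blocks legitimate traffic,
    and the device itself becomes a latency and availability concern."""
    alerts: list[Alert] = []
    delivered: list[Request] = []
    for r in traffic:
        hits = inspect(r)
        if hits:
            alerts.append((r.src, hits))
            continue  # dropped: never reaches the server
        delivered.append(r)
    return alerts, delivered


# Constructed traffic: one benign request, two attacks.
TRAFFIC = [
    Request("10.0.0.5", "GET /search?q=nist+csf HTTP/1.1"),
    Request("198.51.100.7", "GET /item?id=1' OR '1'='1 HTTP/1.1"),
    Request("198.51.100.7", "GET /download?file=../../../../etc/passwd HTTP/1.1"),
]

if __name__ == "__main__":
    for label, fn in (("IDS", ids_pass), ("IPS", ips_pass)):
        alerts, delivered = fn(TRAFFIC)
        print(f"{label}: {len(alerts)} alerts, {len(delivered)}/{len(TRAFFIC)} requests delivered")
        for src, hits in alerts:
            print(f"  {src}: {', '.join(hits)}")
```

Both runs produce the same two alerts; only the IPS changes what the server receives, which is why the notes describe the IDS as branching off the main stream and the IPS as sitting in it.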
Benefits of Using the NIST CSF:
- Risk Management and Reduction: It helps organizations prioritize their cybersecurity actions based on their risk profile.