What Changed? - NIST Cybersecurity Framework 2.0
Summary
TLDRKelly Hood, a cybersecurity engineer at Optic Cyber Solutions, introduces the updated NIST Cybersecurity Framework 2.0, highlighting its new 'Govern' function and the streamlining of resources. She explains the realignment and renaming of categories, the addition of 11 significant new categories, and the expansion of resources on the NIST website, including implementation examples and quick start guides for businesses. The talk aims to guide viewers through the changes and how to integrate the updated framework into their cybersecurity programs.
Takeaways
- ๐ข The NIST Cybersecurity Framework (CSF) 2.0 has been released, marking a significant update to the framework used for managing cybersecurity risk.
- ๐ An important addition in CSF 2.0 is the new 'Govern' function, which was previously a category and has now been expanded into a full function with six different categories supporting it.
- ๐ The core components of the frameworkโcore, profile, and tiersโremain the same, continuing to guide organizations on what to do in cybersecurity and how to manage it within their programs.
- ๐ NIST has provided a wealth of new resources with the update, including implementation examples, quick start guides for small businesses, and mappings to existing standards and frameworks.
- ๐ There has been a reduction in the number of categories from 23 to 22 and subcategories from 108 to 106, indicating a streamlining and reorganization of the framework.
- ๐ Several categories have been realigned, renamed, or restructured, such as 'Business Environment' becoming 'Organizational Context' and 'Information Protection Processes and Procedures' being split into multiple categories.
- ๐ The 'Identity Management and Access Control' category has been updated to 'Identity Management, Authentication, and Access Control', with an emphasis on the addition of 'Authentication'.
- ๐ก๏ธ 'Platform Security' is a new category that consolidates concepts from information protection, maintenance, and protective technology, focusing on the security of hardware, software, services, and platforms.
- ๐ 'Technology Infrastructure Resilience' is another new category that addresses security architectures and risk management to protect networks, environmental security, and resource capacity.
- ๐ The 'Improvement' category has been consolidated and expanded to include not only response and recovery activities but also improvements across all functions of the framework.
- ๐ Changes at the subcategory level are numerous, requiring a closer look for organizations to understand the nuances and adapt their cybersecurity programs accordingly.
Q & A
What is Kelly Hood's profession and the company she works for?
-Kelly Hood is a cybersecurity engineer at Optic Cyber Solutions.
What is the main topic of Kelly Hood's discussion in the video?
-The main topic of Kelly Hood's discussion is the NIS cybersecurity framework, specifically the update 2.0 released by NIST.
What are the primary components of the cybersecurity framework?
-The primary components of the cybersecurity framework are the core, the profile, and the tiers.
What is the significance of the 'govern' function added in the update 2.0 of the NIS cybersecurity framework?
-The 'govern' function is significant as it is a new addition in update 2.0, expanding the framework from five to six categories at the function level, and includes six different categories supporting governance.
How has the NIST streamlined the core framework document in the update 2.0?
-NIST has streamlined the core framework document by removing informative references and including them in other documents available through the NIST website.
What types of resources did NIST provide in the update 2.0 release?
-NIST provided resources such as implementation examples, quick start guides for small businesses, mappings to existing standards and frameworks, and the cybersecurity and privacy reference tool.
How has the number of categories and subcategories changed from CSF 1.1 to version 2.0?
-The number of categories has increased from 23 to 22, and the number of subcategories has decreased from 108 to 106.
What is the new name for the 'business environment' category in the updated framework?
-In the updated framework, 'business environment' has been renamed to 'organizational context'.
How has the 'identity management and access control' category changed in version 2.0?
-The 'identity management and access control' category has been moved to 'identity management, authentication, and access control' with a new category identifier and an emphasis on authentication.
What are some of the new categories introduced in the update 2.0 of the NIS cybersecurity framework?
-Some of the new categories introduced include 'platform security', 'technology infrastructure resilience', and 'incident management'.
How can viewers find more information about Optic Cyber Solutions and their services?
-Viewers can find more information about Optic Cyber Solutions and their services by reaching out at [email protected] or visiting their website at opticcyber.com.
Outlines
This section is available to paid users only. Please upgrade to access this part.
Upgrade NowMindmap
This section is available to paid users only. Please upgrade to access this part.
Upgrade NowKeywords
This section is available to paid users only. Please upgrade to access this part.
Upgrade NowHighlights
This section is available to paid users only. Please upgrade to access this part.
Upgrade NowTranscripts
This section is available to paid users only. Please upgrade to access this part.
Upgrade NowBrowse More Related Video
NIST CSF 2.0 : Real-World Implementation Strategies and Tips
Building a Cybersecurity Framework
NIST CSF vs ISO 27002 vs NIST 800-171 vs NIST 800-53 vs Secure Controls Framework (SCF)
What I do as a Cloud Security Engineer
Breaking The Kill Chain: A Defensive Approach
Introduction to risk management frameworks
5.0 / 5 (0 votes)