Learn to enhance your organization's cybersecurit y through the NIST Cybersecurit y Framework in this invaluable and accessible guide The National Institute of Standards and Technology (NIST) Cybersecurity Framework, produced in response to a 2014 US Presidential directive, has proven essential in standardizing approaches to cybersecurity risk and producing an efficient, adaptable toolkit for meeting cyber threats. As these threats have multiplied and escalated in recent years, this framework has evolved to meet new needs and reflect new best practices, and now has an international footprint.…mehr
Learn to enhance your organization's cybersecurit y through the NIST Cybersecurit y Framework in this invaluable and accessible guide The National Institute of Standards and Technology (NIST) Cybersecurity Framework, produced in response to a 2014 US Presidential directive, has proven essential in standardizing approaches to cybersecurity risk and producing an efficient, adaptable toolkit for meeting cyber threats. As these threats have multiplied and escalated in recent years, this framework has evolved to meet new needs and reflect new best practices, and now has an international footprint. There has never been a greater need for cybersecurity professionals to understand this framework, its applications, and its potential. A Comprehensive Guide to the NIST Cybersecurity Framework 2.0 offers a vital introduction to this NIST framework and its implementation. Highlighting significant updates from the first version of the NIST framework, it works through each of the framework's functions in turn, in language both beginners and experienced professionals can grasp. Replete with compliance and implementation strategies, it proves indispensable for the next generation of cybersecurity professionals. A Comprehensive Guide to the NIST Cybersecurity Framework 2.0 readers will also find: * Clear, jargon-free language for both beginning and advanced readers * Detailed discussion of all NIST framework components, including Govern, Identify, Protect, Detect, Respond, and Recover * Hundreds of actionable recommendations for immediate implementation by cybersecurity professionals at all levels A Comprehensive Guide to the NIST Cybersecurity Framework 2.0 is ideal for cybersecurity professionals, business leaders and executives, IT consultants and advisors, and students and academics focused on the study of cybersecurity, information technology, or related fields.Hinweis: Dieser Artikel kann nur an eine deutsche Lieferadresse ausgeliefert werden.
Jason Edwards, DM, is an accomplished cybersecurity leader with extensive experience in the technology, finance, insurance, and energy sectors. Holding a Doctorate in Management, Information Systems, and Technology, Jason specializes in guiding large public and private companies through complex cybersecurity challenges. His career includes leadership roles at industry giants like Amazon, USAA, Brace Industrial Group, and Argo Group International. He is a former military cyber officer, adjunct professor, and avid reader and popular on LinkedIn.
Inhaltsangabe
Preface xix Acknowledgments xx 1 Introduction 1 2 Understanding the NIST Cybersecurity Framework 2.0 5 3 Cybersecurity Controls 11 4 Compliance and Implementation 15 5 Organizational Context (GV.OC) 21 6 Risk Management Strategy (GV.RM) 39 7 Roles, Responsibilities, and Authorities (GV.RR) 61 8 Policy (GV.PO) 73 9 Oversight (GV.OV) 81 10 Cybersecurity Supply Chain Risk Management (GV.SC) 91 11 Asset Management (ID.AM) 121 12 Risk Assessment (ID.RA) 143 13 Improvement (ID.IM) 173 14 Identity Management, Authentication, and Access Control (PR.AA) 187 15 Awareness and Training (PR.AT) 207 16 Data Security (PR.DS) 215 17 Platform Security (PR.PS) 227 18 Technology Infrastructure Resilience (PR.IR) 245 19 Continuous Monitoring (DE.CM) 257 20 Adverse Event Analysis (DE.AE) 275 21 Incident Management (RS.MA) 295 22 Incident Analysis (RS.AN) 311 23 Incident Response Reporting and Communication (RS.CO) 325 24 Incident Mitigation (RS.MI) 333 25 Incident Recovery Plan Execution (RC.RP) 341 26 Incident Recovery Communication (RC.CO) 359 A Appendix A: Glossary of Terms 365 B Appendix B: Descriptions of NIST 800-53 Controls 371 Index of 800-53 Controls used in the CSF 425