
A comprehensive guide to the NIST cybersecurity framework 2.0 : strategies, implementation, and best practice / Jason Edwards




Author: Edwards, Jason (Cybersecurity expert)
Title: A comprehensive guide to the NIST cybersecurity framework 2.0 : strategies, implementation, and best practice / Jason Edwards
Publication: Hoboken, NJ : Wiley, 2025
©2025
Edition: 1st ed.
Physical description: 1 online resource
Discipline: 005.8
Topical subject: Computer security - Standards
Contents note: Cover -- Title Page -- Copyright -- Contents -- Preface -- Acknowledgments -- Chapter 1 Introduction -- Why This Book? -- Overview of Cybersecurity Challenges -- Chapter 2 Understanding the NIST Cybersecurity Framework 2.0 -- Fundamental Changes from Version 1.X -- Core Components of the Framework -- The Functions: Govern, Identify, Protect, Detect, Respond, and Recover -- CSF Organizational Profiles -- CSF Tiers -- Chapter 3 Cybersecurity Controls -- Delving Deeper into Cybersecurity Measures -- Comprehensive Assessment of Cybersecurity Safeguards -- Chapter 4 Compliance and Implementation -- Tailoring the Framework to Different Organizations -- Compliance Considerations -- Integrating with Other Standards and Frameworks -- Chapter 5 Organizational Context (GV.OC) -- GV.OC‐01: The Organizational Mission Is Understood and Informs Cybersecurity Risk Management -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.OC‐02: Internal and External Stakeholders are Understood, and Their Needs and Expectations Regarding Cybersecurity Risk Management Are Understood and Considered -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.OC‐03: Legal, Regulatory, and Contractual Requirements Regarding Cybersecurity-Including Privacy and Civil Liberties Obligations-Are Understood and Managed -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.OC‐04: Critical Objectives, Capabilities, and Services that Stakeholders Depend on or Expect from the Organization are Understood and Communicated -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.OC‐05: Outcomes, Capabilities, and Services that the Organization Depends on Are Understood and Communicated -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC).
Chapter 6 Risk Management Strategy (GV.RM) -- GV.RM‐01: Risk Management Objectives are Established and Agreed to by Organizational Stakeholders -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.RM‐02: Risk Appetite and Risk Tolerance Statements are Established, Communicated, and Maintained -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.RM‐03: Cybersecurity Risk Management Activities and Outcomes Are Included in Enterprise Risk Management Processes -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.RM‐04: Strategic Direction That Describes Appropriate Risk Response Options Is Established and Communicated -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.RM‐05: Lines of Communication Across the Organization Are Established for Cybersecurity Risks, Including Risks from Suppliers and Other Third Parties -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.RM‐06: A Standardized Method for Calculating, Documenting, Categorizing, and Prioritizing Cybersecurity Risks Is Established and Communicated -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.RM‐07: Strategic Opportunities (i.e., Positive Risks) Are Characterized and Are Included in Organizational Cybersecurity Risk Discussions -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- Chapter 7 Roles, Responsibilities, and Authorities (GV.RR) -- GV.RR‐01: Organizational Leadership Is Responsible and Accountable for Cybersecurity Risk and Fosters a Culture That Is Risk‐Aware, Ethical, and Continually Improving -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC).
GV.RR‐02: Roles, Responsibilities, and Authorities Related to Cybersecurity Risk Management Are Established, Communicated, Understood, and Enforced -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.RR‐03: Adequate Resources Are Allocated Commensurate with the Cybersecurity Risk Strategy, Roles, Responsibilities, and Policies -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.RR‐04: Cybersecurity Is Included in Human Resource Practices -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- Chapter 8 Policy (GV.PO) -- GV.PO‐01: Policy for Managing Cybersecurity Risks Is Established Based on Organizational Context, Cybersecurity Strategy, and Priorities and Is Communicated and Enforced -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.PO‐02: Policy for Managing Cybersecurity Risks Is Reviewed, Updated, Communicated, and Enforced to Reflect Changes in Requirements, Threats, Technology, and Organizational Mission -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- Chapter 9 Oversight (GV.OV) -- GV.OV‐01: Cybersecurity Risk Management Strategy Outcomes Are Reviewed to Inform and Adjust Strategy and Direction -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.OV‐02: The Cybersecurity Risk Management Strategy Is Reviewed and Adjusted to Ensure Coverage of Organizational Requirements and Risks -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.OV‐03: Organizational Cybersecurity Risk Management Performance Is Evaluated and Reviewed for Adjustments Needed -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- Chapter 10 Cybersecurity Supply Chain Risk Management (GV.SC).
GV.SC‐01: Establishing a Cybersecurity Supply Chain Risk Management Program -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.SC‐02: Cybersecurity Roles and Responsibilities Within the Supply Chain -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.SC‐03: Integrating Cybersecurity Supply Chain Risk Management into Organizational Frameworks -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.SC‐04: Prioritizing Suppliers by Criticality in Cybersecurity Supply Chain Risk Management -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.SC‐05: Establishing Cybersecurity Requirements in Supply Chain Contracts -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.SC‐06: Enhancing Cybersecurity Through Diligent Supplier Selection and Management -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.SC‐07: Mastering Supplier Risk Management in the Cybersecurity Landscape -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.SC‐08: Collaborative Incident Management with Suppliers -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.SC‐09: Fortifying Cybersecurity Through Strategic Supply Chain Security Integration -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- GV.SC‐10: Navigating Cybersecurity After the Conclusion of Supplier Partnerships -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- Chapter 11 Asset Management (ID.AM) -- ID.AM‐01: Inventories of Hardware Managed by the Organization Are Maintained -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC).
ID.AM‐02: Inventories of Software, Services, and Systems Managed by the Organization Are Maintained -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- ID.AM‐03: Representations of the Organization's Authorized Network Communication and Internal and External Network Data Flows Are Maintained -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- ID.AM‐04: Inventories of Services Provided by Suppliers Are Maintained -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- ID.AM‐05: Assets Are Prioritized Based on Classification, Criticality, Resources, and Impact on the Mission -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- ID.AM‐07: Inventories of Data and Corresponding Metadata for Designated Data Types Are Maintained -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- ID.AM‐08: Systems, Hardware, Software, Services, and Data Are Managed Throughout Their Life Cycles -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- Chapter 12 Risk Assessment (ID.RA) -- ID.RA‐01: Vulnerabilities in Assets Are Identified, Validated, and Recorded -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- ID.RA‐02: Cyber Threat Intelligence Is Received from Information Sharing Forums and Sources -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- ID.RA‐03: Internal and External Threats to the Organization Are Identified and Recorded -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC) -- ID.RA‐04: Potential Impacts and Likelihoods of Threats Exploiting Vulnerabilities Are Identified and Recorded -- Recommendations -- NIST 800‐53 Controls -- Simplified Security Controls (SSC).
ID.RA‐05: Threats, Vulnerabilities, Likelihoods, and Impacts Are Used to Understand Inherent Risk and Inform Risk Response Prioritization.
Summary/abstract: Learn to enhance your organization's cybersecurity through the NIST Cybersecurity Framework in this invaluable and accessible guide. The National Institute of Standards and Technology (NIST) Cybersecurity Framework, produced in response to a 2014 US Presidential directive, has proven essential in standardizing approaches to cybersecurity risk and producing an efficient, adaptable toolkit for meeting cyber threats. As these threats have multiplied and escalated in recent years, this framework has evolved to meet new needs and reflect new best practices, and now has an international footprint. There has never been a greater need for cybersecurity professionals to understand this framework, its applications, and its potential. A Comprehensive Guide to the NIST Cybersecurity Framework 2.0 offers a vital introduction to this NIST framework and its implementation. Highlighting significant updates from the first version of the NIST framework, it works through each of the framework's functions in turn, in language both beginners and experienced professionals can grasp. Replete with compliance and implementation strategies, it proves indispensable for the next generation of cybersecurity professionals. Readers of A Comprehensive Guide to the NIST Cybersecurity Framework 2.0 will also find: clear, jargon-free language for both beginning and advanced readers; detailed discussion of all NIST framework components, including Govern, Identify, Protect, Detect, Respond, and Recover; and hundreds of actionable recommendations for immediate implementation by cybersecurity professionals at all levels. A Comprehensive Guide to the NIST Cybersecurity Framework 2.0 is ideal for cybersecurity professionals, business leaders and executives, IT consultants and advisors, and students and academics focused on the study of cybersecurity, information technology, or related fields.
Authorized title: A comprehensive guide to the NIST cybersecurity framework 2.0
ISBN: 9781394280391
1394280394
9781394280384
1394280386
9781394280377
1394280378
Format: Printed material
Bibliographic level: Monograph
Language of publication: English
Record no.: 9911020034603321
Available at: Univ. Federico II