Want a Career in GRC? Learn these NIST Frameworks:
Frameworks are the foundation of Cyber Security. Whether private sector or government, organizations need to follow them to ensure a solid security posture. Learning these frameworks can line you up for a great career in GRC.
Here is a list of NIST Frameworks:
1. NIST Cyber Security Framework
2. NIST 800-53 (Used for Government systems and organizations)
3. NIST 800-171 (Used for Protecting Controlled Unclassified Information)
4. NIST RMF (Integrating Security, Privacy and Risk)
5. NIST PRIVACY FRAMEWORK (Improving Privacy Structures)
6. NIST 800-63 (Digital Identity)
Each framework above has it's own place within cyber security.
Below is a breakdown of one of the most commonly used ones.
💻 NIST CSF
🟣 Identify: This function helps organizations understand how to manage cybersecurity risk to systems, assets, data, and capabilities. It involves identifying the business context, resources that support critical functions, and related cybersecurity risks. This enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs.
🟡 Protect: The Protect function outlines appropriate safeguards to ensure delivery of critical infrastructure services. It involves the implementation of appropriate safeguards to ensure the delivery of critical services. This includes measures like access control, data security, maintenance, and protective technology, aimed at limiting or containing the impact of a potential cybersecurity event.
🟢 Detect: This function defines the appropriate activities to identify the occurrence of a cybersecurity event. Detecting a cybersecurity event in a timely manner is necessary to conduct a rapid response. Activities in this function include continuous monitoring and detection processes.
🔵 Respond: The Respond function includes actions to take after detecting a cybersecurity incident. It involves developing and implementing the appropriate activities to act regarding a detected cybersecurity incident. The response plan includes response planning, communications, analysis, mitigation, and improvements.
🔴 Recover: The Recover function identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. Recovery planning and processes help restore services impaired by a cybersecurity event.
🟠 Govern: This is a new section that was released in version 2.0 and touches each of the other sections.
There are 2 Ways I can Help you Get a Job in Cyber Security:
1. My Break in Cyber Playbook - This playbook that I wrote will give you solid direction on the right path to take to get into Cyber Security. Better yet, it's also a complete guide on how to stand out to recruiters and make them find you. Get it here.
2. Book a 1-on-1 Call with Me - Let me get to know you and steer you in the right direction so you can work toward land that next job in Cyber Security. I can help you get discovered by recruiters because I know what they are looking for.
My calls are informal, fun, and extremely productive. I guarantee you will have some great take-aways and feel more confident by the end of the call or I'll refund you completely.
If you book a call within the next 12 hours, I will also give you a free copy (PDF) of my Break in Cyber Playbook that will help guide you to landing a job.
~ Mike Miller
Comments