Class 643: Week 4 Discussion
The standardization of the five core functions of the NIST Cybersecurity Framework, namely, identify, detect, protect, respond, and recover, can assist in creating a unified approach to cybersecurity across all infrastructure sectors and industries in two ways. Firstly, the standardization would provide a cost-effective, flexible, repeatable, and prioritized approach to collective management of cybersecurity-related risks that effectively integrates best practices and guidelines for promoting critical infrastructure protection (NIST, 2019). Secondly, standardizing these functions would ensure the creation of a unified approach to cybersecurity by allowing streamlined and standards-based communication, discourses, collaboration, and risk management planning between and among players in these sectors and industries in a way that allows for the classification, reconciliation, and redistribution of critical infrastructure protection guidelines, policies, and standards.
The Presidential Executive Order that I select from the two is the 2017 order released by President Donald Trump. This executive order resulted from the constitutional mandate of the Office of the President to protect American innovation and values by stretching critical infrastructure cybersecurity. This executive order has impacted the current state of cybersecurity significantly in several ways. For instance, the order has greatly strengthened the cybersecurity of federal networks and critical infrastructure by increasing the modernization of federal information technology infrastructure towards collaboration and cooperation with foreign allies in ensuring full-scale critical infrastructure security. Also, the executive order has impacted cybersecurity by augmenting accountability reporting by heads of enterprises and agencies across the United States (The White House, 2017). Thirdly, the executive order has impacted cybersecurity by increasing the promotion of marketplace transparency of critical infrastructure entities in their cybersecurity risk management practices.
The area or component of the NIST Cybersecurity Framework that I select is the protect component. This function relates to developing and implementing suitable safeguards for ensuring the secure delivery of critical infrastructure services (Dickinson, 2017; U.S. General Services Administration, 2020). This function of the framework has six categories, namely data security, access control, information protection processes and procedures, awareness and training, protective technology, and maintenance. The importance of three of them is addressed here. The importance of data security is that it ensures the protection of confidentiality, availability, and integrity of information in the management of records and information. The importance of access control is to ensure that only authorized users, devices, transactions, and processes have access to facilities and assets (Yeagley, 2017). The significance of the information protection processes and procedures is the emphasis on maintaining and employing security policies, procedures, and processes in managing the protection of information assets and systems.
The White House. (May 11, 2017). Presidential executive order on strengthening the cybersecurity of federal networks and critical infrastructure. Washington, DC. The White House. Retrieved February 04, 2020, from https://www.whitehouse.gov/presidential-actions/presidential-executive-order-strengthening-cybersecurity-federal-networks-critical-infrastructure/.
NIST. (November 18, 2019). Cybersecurity framework. Gaithersburg, MD. National Institute of Standards and Technology (NIST). Retrieved February 04, 2020, from https://www.nist.gov/cyberframework/new-framework.
Dickinson, D. (2017). Cybersecurity: going beyond protection to boost resiliency. White Paper. Harrisburg, PA. Phoenix Contact.
Yeagley, G. (July 19, 2017). The NIST cybersecurity framework – The protect function. North Providence, RI. Compass IT Compliance, LLC. Retrieved February 04, 2020, from https://www.compassitc.com/blog/the-nist-cybersecurity-framework-the-protect-function.
U.S. General Services Administration. (2020). NIST Cybersecurity Framework (CSF). Washington, DC. U.S. General Services Administration. Retrieved February 04, 2020, from https://www.gsa.gov/technology/technology-products-services/it-security/nist-cybersecurity-framework-csf.