Improve Cybersecurity structure with Framework NIST 1.1
To be able to implement the various actions necessary for the security of a company, the National Institute of Standards and Technology (NIST) has developed a framework dedicated entirely to cybersecurity. Since this is an open-source and independent tool, it can serve as a basis for any organization wishing to validate its cybersecurity needs.
Genesis of the NIST project
Since 1901, the NIST lab has worked regularly with the government of the United States of America to analyze and propose solutions in the area of industrial competitiveness. This was created to counterbalance the great advance of Germany and the United Kingdom at the beginning of the 20th century in the fields of economy and industry.
With its great expertise in the field of physical and economic measurement, during the emergence of new technologies, NIST has been the ideal candidate to address issues related to computer security.
The lab's cybersecurity program is based on the institution's fundamentals and promotes innovation, research and the study of US competitiveness.
The subject of data and the relationship with the outside world is a crucial subject for the government of the United States. As a result, NIST's research focuses on topics such as cyberattacks, new technologies, defense methodologies and data preservation. The laboratory is very often called upon for the creation of standards and to establish rules of defense for the industry. Collaborations with the main industrial players in the country are also the responsibility of the laboratory, in order to train strategic sectors on the subject of cybersecurity.
A place in the conspiracy
With such a broad area of expertise, the US Federal Laboratory very often assists the US government on sensitive issues. Following the attack on the two World Trade Center towers, the laboratory was approached to analyze the possible causes of the collapse of the Twin Towers.
Using a computer simulation, bringing together an enormous amount of data, the laboratory's responsibility was to determine the multi-factorial cause. The collapse is believed to be partly due to the fragility of the load-bearing columns, following the damage caused by the impact.
In any case, this is what the computer simulation revealed after analyzing the scenarios. After this short anecdote, let's come back to the subject of the NIST framework and its importance in the analysis of a defense strategy.
How does the NIST framework work?
The NIST 1.1 Framework is made up of five so-called fundamental functions for online security. These functions are:
- Identify
- Protect
- Detect
- Reply
- Restructure
These five pillars will encompass the main processes to be put in place to secure an organization using digital technologies. Each of these points is divided into sub-categories, themselves grouping together tasks to be performed.
There are also specific sub-categories offering methods of integrating solutions to common situations. Obviously each part is accompanied by reference documents and case studies.
The Framework also offers an implementation hierarchy with levels providing companies with a way to situate their skills and actions in relation to the NIST standard.
Finally, the profile section will offer an overview, bringing a long-term approach. The projection on a wider horizon, favors the application of the new habits to have within a company.
An interesting database
To go further, the laboratory's website offers a fairly large database dealing with the different areas around cybersecurity. This database, dating back more than 20 years, has the advantage of bearing witness to technological advances and the associated risks since the beginning of the 21st century. It’s a real gold mine for any cybersecurity enthusiast.
The topics offered are broad and encompass:
- Encryption
- Access control
- Risk management
- Artificial intelligence
- Blockchains
- Hardware
- Servers
- …
Why use the NIST Framework?
There are different reasons to look into the NIST Framework 1.1. Its use will allow among other things:
- Understanding the risks associated with new technologies
- Prevent and prepare for potential threats
- Raise awareness of all stakeholders in an organization on the safety aspect
- Validate the security of the tools put in place by a company or an individual
The platform offers free of charge the knowledge and tools necessary to implement an effective strategy against computer threats.
Reminder
The purpose of the NIST 1.1 framework is only to present a list of recommendations and to prevent risks associated with computer technologies. Compliance with the advice provided by the institution is the responsibility of the company via a critical self-assessment of its structure. Therefore, its use should be indicative and guide a process of raising awareness and improving cybersecurity.
see more : https://01codex.com