Cyber Security Tutorial

Cyber Security Overview Cyber Security Introduction Cyber Crime Cyber Space Cyber Criminals Cyber Law Cyber Attackers Types of Hackers Functions of Cyber Security Method to Improve Data Security Cyber security frameworks Importance of Cyber Security Types of Cyber Security Cyber Security Fundamentals Applications of cyber security Cyber security in education sector Cyber security in health care industry Cyber security tools Cyber security policies Types of security policies Characteristics of cyber security policies Digital signature Cyber Security Standards NIST- National Institute of Standard and technology Information Technology Act ISO - International Standard for Organization ISO certification PCI DSS Standard FINRA Difference between Information Security and Cyber Security Cyber Security Vulnerability Elements of vulnerability management Social Engineering Vulnerability Assessment Vulnerability management Types of cyber security vulnerabilities Identification of security vulnerability Types of social engineering attacks Penetration Testing Penetration Testing Tools Types of penetration testing Process of Penetration Testing What is Phishing Elements of cyber security Difference between Spoofing and Phishing Difference between Network Security and Cyber Security Difference between Ethical Hacking & Cyber Security Role of artificial engineering in cyber security Cyber Forensics Definition Cyber Security job qualifications Cyber Security Prerequisites Cyber Security Identity and Access Management What is Cyber Forensics Different Types of Cybercrime Different types of cybercrime Tunneling Techniques in Cyber Security

NIST- National Institute of Standard and technology
2022-06-05 00:02:16

NIST- National Institute of Standard and technology

This security standard or framework was founded in 1901 and designed to protect data. It consists of several guidelines that help companies protect government data and establish standards and technology applied to the science and technology industries.

The National Institute of Standard and Technology is the oldest science lab in the United States (part of the U.S. Department of Commerce) which has a major impact on the public and private sectors of the business.

NIST provides a level of uniformity that provides a standard of data safety insurance. NIST has a five-step process that provides surety to this security standard. With these steps, NIST can be applied to a system.

  1. Identity – This identification function manages cyber security risks to people, systems, assets, capabilities, and data in an effective cyber security program. This function identifies physical and software assets, organization business environment, vulnerabilities, internal and external threats to organizational resources, and supply chain management strategies (including risk tolerance, constraints, priorities, and assumptions that support risk decisions in managing supply chain risk). Business context-related cyber security risks, identifying risk, establishing risk management strategies, and finding resources that support critical functions.
  2. Protect – This protection function of NIST safeguards the delivery of critical infrastructure services: Implementation of procedure and process to manage and maintain the protection of asset and information system, physical and remote access of system. It protects remote maintenance activities, security, and security resilience, including organizational policies, agreements, and procedures. The protection function is implemented for the protection of identity management.
  3. Detect – Detect function finds the anomalies and some of the activities used to identify the occurrence of a cyber-security event promptly. All the events with their potential impacts are detected and understood. It also has capabilities that monitor cyber security events and provide preventive measures, including physical and network activities. 
  4. Respond – After detecting a cyber security incident, the respond function in NIST takes action and executes the response planning process during and after an incident. Respond function does:
    - Analyses the incident and provides an effective response
    - Manage all the communication during and after an event with internal and external stakeholders.
    -Support recovery activities and perform migration activities
    -Determine the impact of incidents
  5. Recover – To reduce the impact of a cyber-security event/ attack recovery function is implemented to restore the impaired services or capabilities due to a cyber security event. It maintains and renews plans for resilience that implement improvements with recovery plans and procedures to recover the system.            

NIST is taken as a gold standard for creating a cyber-security program. This framework provides users with a top-level security management tool, including a uniform set of rules and guidelines for an organization that help access cyber security risks across the business.

The best method to protect data with NIST compliance standards is to use a compliant file sharing solution because it helps organizations build and n improve their cyber security posture.

So NIST framework objective is to provide a framework that handles risk and vulnerabilities and protect an accurate inventory of assets that help users prioritize cyber security investments and decisions taken by the board of director and senior management. With the help of NIST stakeholders, the board of directors or senior management communicate with each other. Different types or versions of NIST are:

NIST SP 800-53NIST SP 800 was published in 1990 to address every aspect of information security, especially cloud security. It is widely used in the private sector and is a security benchmark for U.S. government agencies.  
NIST 800-115This standard is known as Technical Guide to Information Security Testing and Assessment and is also an important standard for accessing the I.T. system.
NIST SP 800-71Cybercriminals frequent attack the government contractors due to their proximity to federal information systems. Subcontractors and government manufacturers use this I.T. security framework to bid on state and federal business opportunities. The U.S. government has set this framework by the U.S. Department of defense regarding contractor compliance with the security framework. NIST SP 800-71 framework is related to NIST SP 800-53; therefore, it is possible to build a crosswalk between both standards, but NIST SP 800-71 is more generalized and used as a secure base for some organizations by using additional controls included in NIST SP 800-53.
NIST CSFThis NIST framework was also developed to improve critical cyber security to address U.S. critical infrastructure, food supplies, health care delivery, and water supplies, including energy production, communication, and transportation. These essential industries maintain a high level of preparedness, and for this NIST CSF framework was developed under executive order 13636, released in February 2013. It deals with risk management and analysis. It works on the five phases of risk management, i.e., identity, protect, detect, respond and cover, which require the support of senior management. This framework is utilized by both the private and public sectors.   
NIST SP 1800 SeriesIt complements the series of standards and framework NIST  SP 800 focuses on how to apply and implement standard-based cyber security technologies in real-world applications. It provides examples of specific capabilities and their implementation by modular guidance for organizations of all kinds and sizes. It tells the method of approaching multiple products to achieve the desired results based on experience. It also defines the need for component and installation, integration, and configuration information, due to which organizations easily replicate the process itself. 

Conclusion: National Information Security Technology standard is a U.S.-based agency that works in the cyber security field and publishes cybersecurity-related standards. Different countries across the globe follow NIST standards.