NIST Cybersecurity Framework Cross Referenced

April, 2016

Prepared by: Jim Bothe & Jim Meyer

© Copyright 2016 J2 Coordinated Response, LLC. All Rights Reserved.

NIST Cybersecurity Framework Cross Reference

Objective
– To produce a meaningful cybersecurity assessment; and
– In a reasonable amount of time.

But, the NIST subcategories need to be cross referenced
– Many are related and
– Many are interdependent.

Logical groupings should make the assessment easier.

LinkedIn 4/16/2016 © 2016 J2 Coordinated Response, LLC. All Rights Reserved. Page: 2

Functions / Categories / Subcategories

Function   Categories   Subcategories
Identify        5            24
Protect         6            35
Detect          3            18
Respond         5            15
Recover         3             6

ISACA CMC April 13, 2016 Page: 3

NIST Cybersecurity Framework

Dependencies / Other Relationships

Identify relationships between Groups
– One Group provides input to another.
– The second Group is possibly constrained by the first.
– Or the other Group is dependent on the first.
– In either case, weakness in the first limits strength in the second.

A subcategory in one Group
– May have interdependencies with another subcategory in the same Group.
– May have interdependencies with a subcategory in another Group.
– These details are left to the assessor to recognize (at least for now).


Establish Risk Tolerance / Prioritize Assets

NOTE: Operational drivers inform risk tolerance and the identification of CRITICAL IT assets.

Risk – Assess, Address, Manage


Roles and Responsibilities


Access Control & Data Protection


Configuration Management


An Observation

The groups identified thus far form the foundation of an effective cybersecurity architecture:
– Establish Risk Tolerance, Prioritize Assets.
– Risk – Address, Assess, Manage.
– Roles and Responsibilities – well defined or not.
– Configuration Management – defines what you are protecting.

Recognize what is important and protect it – 53 subcategories.

The remaining groups are: Detect, Respond, Recover, Improve – 45 subcategories. NOTE: key dependencies are identified in these groups.

Monitor & Detect Events


Respond


Recover


Improve


Risk – Assess, Address, Manage


Summary

Logical groups improve efficiency and meaning.

Categories often contain activities performed in different ways, by different individuals.

Organizations should create their own sense of logical groups.