A comprehensive guide to the NIST cybersecurity framework 2.0 : strategies, implementation, and best practice / Jason Edwards.

Format:

Book

Author/Creator:

Edwards, Jason (Cybersecurity expert), author.

Language:

English

Subjects (All):

Computer security--Standards.

Physical Description:

1 online resource

Edition:

1st ed.

Place of Publication:

Hoboken, NJ : Wiley, 2025.

Summary:

Learn to enhance your organization's cybersecurit y through the NIST Cybersecurit y Framework in this invaluable and accessible guide The National Institute of Standards and Technology (NIST) Cybersecurity Framework, produced in response to a 2014 US Presidential directive, has proven essential in standardizing approaches to cybersecurity risk and producing an efficient, adaptable toolkit for meeting cyber threats. As these threats have multiplied and escalated in recent years, this framework has evolved to meet new needs and reflect new best practices, and now has an international footprint. There has never been a greater need for cybersecurity professionals to understand this framework, its applications, and its potential. A Comprehensive Guide to the NIST Cybersecurity Framework 2.0 offers a vital introduction to this NIST framework and its implementation. Highlighting significant updates from the first version of the NIST framework, it works through each of the framework's functions in turn, in language both beginners and experienced professionals can grasp. Replete with compliance and implementation strategies, it proves indispensable for the next generation of cybersecurity professionals. A Comprehensive Guide to the NIST Cybersecurity Framework 2.0 readers will also find: Clear, jargon-free language for both beginning and advanced readers Detailed discussion of all NIST framework components, including Govern, Identify, Protect, Detect, Respond, and Recover Hundreds of actionable recommendations for immediate implementation by cybersecurity professionals at all levels A Comprehensive Guide to the NIST Cybersecurity Framework 2.0 is ideal for cybersecurity professionals, business leaders and executives, IT consultants and advisors, and students and academics focused on the study of cybersecurity, information technology, or related fields.

Contents:

Cover

Title Page

Copyright

Contents

Preface

Acknowledgments

Chapter 1 Introduction

Why This Book?

Overview of Cybersecurity Challenges

Chapter 2 Understanding the NIST Cybersecurity Framework 2.0

Fundamental Changes from Version 1.X

Core Components of the Framework

The Functions: Govern, Identify, Protect, Detect, Respond, and Recover

CSF Organizational Profiles

CSF Tiers

Chapter 3 Cybersecurity Controls

Delving Deeper into Cybersecurity Measures

Comprehensive Assessment of Cybersecurity Safeguards

Chapter 4 Compliance and Implementation

Tailoring the Framework to Different Organizations

Compliance Considerations

Integrating with Other Standards and Frameworks

Chapter 5 Organizational Context (GV.OC)

GV.OC‐01: The Organizational Mission Is Understood and Informs Cybersecurity Risk Management

Recommendations

NIST 800‐53 Controls

Simplified Security Controls (SSC)

GV.OC‐02: Internal and External Stakeholders are Understood, and Their Needs and Expectations Regarding Cybersecurity Risk Management Are Understood and Considered

GV.OC‐03: Legal, Regulatory, and Contractual Requirements Regarding Cybersecurity-Including Privacy and Civil Liberties Obligations-Are Understood and Managed

GV.OC‐04: Critical Objectives, Capabilities, and Services that Stakeholders Depend on or Expect from the Organization are Understood and Communicated

GV.OC‐05: Outcomes, Capabilities, and Services that the Organization Depends on Are Understood and Communicated

Simplified Security Controls (SSC).

Chapter 6 Risk Management Strategy (GV.RM)

GV.RM‐01: Risk Management Objectives are Established and Agreed to by Organizational Stakeholders

GV.RM‐02: Risk Appetite and Risk Tolerance Statements are Established, Communicated, and Maintained

GV.RM‐03: Cybersecurity Risk Management Activities and Outcomes Are Included in Enterprise Risk Management Processes

GV.RM‐04: Strategic Direction That Describes Appropriate Risk Response Options Is Established and Communicated

GV.RM‐05: Lines of Communication Across the Organization Are Established for Cybersecurity Risks, Including Risks from Suppliers and Other Third Parties

GV.RM‐06: A Standardized Method for Calculating, Documenting, Categorizing, and Prioritizing Cybersecurity Risks Is Established and Communicated

GV.RM‐07: Strategic Opportunities (i.e., Positive Risks) Are Characterized and Are Included in Organizational Cybersecurity Risk Discussions

Chapter 7 Roles, Responsibilities, and Authorities (GV.RR)

GV.RR‐01: Organizational Leadership Is Responsible and Accountable for Cybersecurity Risk and Fosters a Culture That Is Risk‐Aware, Ethical, and Continually Improving

GV.RR‐02: Roles, Responsibilities, and Authorities Related to Cybersecurity Risk Management Are Established, Communicated, Understood, and Enforced

GV.RR‐03: Adequate Resources Are Allocated Commensurate with the Cybersecurity Risk Strategy, Roles, Responsibilities, and Policies

GV.RR‐04: Cybersecurity Is Included in Human Resource Practices

Chapter 8 Policy (GV.PO)

GV.PO‐01: Policy for Managing Cybersecurity Risks Is Established Based on Organizational Context, Cybersecurity Strategy, and Priorities and Is Communicated and Enforced

GV.PO‐02: Policy for Managing Cybersecurity Risks Is Reviewed, Updated, Communicated, and Enforced to Reflect Changes in Requirements, Threats, Technology, and Organizational Mission

Chapter 9 Oversight (GV.OV)

GV.OV‐01: Cybersecurity Risk Management Strategy Outcomes Are Reviewed to Inform and Adjust Strategy and Direction

GV.OV‐02: The Cybersecurity Risk Management Strategy Is Reviewed and Adjusted to Ensure Coverage of Organizational Requirements and Risks

GV.OV‐03: Organizational Cybersecurity Risk Management Performance Is Evaluated and Reviewed for Adjustments Needed

Chapter 10 Cybersecurity Supply Chain Risk Management (GV.SC).

GV.SC‐01: Establishing a Cybersecurity Supply Chain Risk Management Program

GV.SC‐02: Cybersecurity Roles and Responsibilities Within the Supply Chain

GV.SC‐03: Integrating Cybersecurity Supply Chain Risk Management into Organizational Frameworks

GV.SC‐04: Prioritizing Suppliers by Criticality in Cybersecurity Supply Chain Risk Management

GV.SC‐05: Establishing Cybersecurity Requirements in Supply Chain Contracts

GV.SC‐06: Enhancing Cybersecurity Through Diligent Supplier Selection and Management

GV.SC‐07: Mastering Supplier Risk Management in the Cybersecurity Landscape

GV.SC‐08: Collaborative Incident Management with Suppliers

GV.SC‐09: Fortifying Cybersecurity Through Strategic Supply Chain Security Integration

GV.SC‐10: Navigating Cybersecurity After the Conclusion of Supplier Partnerships

Chapter 11 Asset Management (ID.AM)

ID.AM‐01: Inventories of Hardware Managed by the Organization Are Maintained

ID.AM‐02: Inventories of Software, Services, and Systems Managed by the Organization Are Maintained

ID.AM‐03: Representations of the Organization's Authorized Network Communication and Internal and External Network Data Flows Are Maintained

ID.AM‐04: Inventories of Services Provided by Suppliers Are Maintained

ID.AM‐05: Assets Are Prioritized Based on Classification, Criticality, Resources, and Impact on the Mission

ID.AM‐07: Inventories of Data and Corresponding Metadata for Designated Data Types Are Maintained

ID.AM‐08: Systems, Hardware, Software, Services, and Data Are Managed Throughout Their Life Cycles

Chapter 12 Risk Assessment (ID.RA)

ID.RA‐01: Vulnerabilities in Assets Are Identified, Validated, and Recorded

ID.RA‐02: Cyber Threat Intelligence Is Received from Information Sharing Forums and Sources

ID.RA‐03: Internal and External Threats to the Organization Are Identified and Recorded

ID.RA‐04: Potential Impacts and Likelihoods of Threats Exploiting Vulnerabilities Are Identified and Recorded

ID.RA‐05: Threats, Vulnerabilities, Likelihoods, and Impacts Are Used to Understand Inherent Risk and Inform Risk Response Prioritization.

Notes:

OCLC-licensed vendor bibliographic record.

Description based on publisher supplied metadata and other sources.

ISBN:

9781394280391

1394280394

9781394280384

1394280386

9781394280377

1394280378

OCLC:

1453336712