Week 3 Discussion - Remediation - Ineffective Or Missing Security
Gap Analysis using NIST Cybersecurity framework
[Name of the Writer]
[Name of the Institution]
In simple terms, a gap analysis of any networking infrastructure aims to find the flaws and gaps in the organization's security. NIST provides a well-defined framework with guidelines to identify and tackle such security flaws. Before getting into the gist of things, let's begin by understanding what use we, as information security specialists, can make of the problems that arise due to flaws in the infrastructure. Most information security specialists use such problems as their working guidelines, so that they can patch the network at those points and make their systems as secure as possible. Conducting a gap analysis consists of the following six steps [1]:
1. Classify the matter in focus.
2. Collect relevant data.
3. Tie evidence to NIST CSF subcategories.
4. Identify preliminary gaps in the system.
5. Conduct risk analysis after identifying gaps.
6. Create an action plan.
None of the above-mentioned steps can be underestimated or skipped, because at the end of this procedure our network is supposed to be secure. The first step of the procedure involves identifying the subject matter. Ideally, your organization should have the necessary knowledge and workforce to do a gap analysis by itself, but if it lacks the necessary skills, you should probably look for an external party, as moving on without the necessary skills can be really damaging to the resources and assets of the company [2]. In the data collection phase, you should be willing to get your hands dirty, because without the necessary and relevant data the final steps will always be flawed. A number of techniques can be used for this purpose, including interviews and documentation review.
After collecting the necessary data, we should look at how the data falls into the subcategories of the NIST Cybersecurity Framework [3]. For this purpose, one can draw a table and see how the collected data falls into the categories. In total, the NIST Cybersecurity Framework has 108 subcategories.
The next step is probably the most important in the whole process: identifying the gaps in the network. This step can serve as a springboard for policies and make the implementation of information security more streamlined. The next step involves creating relevant policies and determining the weak points of the system [4]. This process can often be very subjective and is usually based on feedback from the respective client. Afterwards, the POA&M (plan of action and milestones) can be used to make the precise utilization of assets easier for the executive leadership.
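The following is an added example, not part of the original essay, that walks steps 3 to 6 in code: it ties evidence to CSF subcategories, flags missing or ineffective controls, and ranks them for the action plan. The evidence entries, the in-scope subset and the 1-5 likelihood and impact ratings are constructed assumptions.

```python
from collections import defaultdict

# Constructed subset of CSF v1.1 subcategories in scope (the full framework has 108).
IN_SCOPE = ["ID.AM-1", "PR.AC-1", "PR.AT-1", "PR.IP-4", "DE.CM-1", "RS.RP-1"]

# Constructed evidence from interviews and documentation review:
# (subcategory, source and finding, does the evidence support the control?)
EVIDENCE = [
    ("ID.AM-1", "documentation: asset inventory spreadsheet", True),
    ("PR.AC-1", "documentation: account management policy", True),
    ("PR.AC-1", "interview: leaver accounts are not revoked", False),
    ("PR.IP-4", "interview: backups run nightly, never restore-tested", False),
    ("DE.CM-1", "documentation: network monitoring deployment record", True),
]

# Assumed (likelihood, impact) ratings on a 1-5 scale; hypothetical values.
RISK = {"PR.AC-1": (4, 5), "PR.AT-1": (3, 3), "PR.IP-4": (2, 5), "RS.RP-1": (3, 4)}

def map_evidence(evidence):
    """Step 3: build the evidence-to-subcategory table."""
    table = defaultdict(list)
    for subcat, source, supports in evidence:
        table[subcat].append((source, supports))
    return table

def find_gaps(in_scope, table):
    """Step 4: a gap is a subcategory with no evidence or contradicting evidence."""
    gaps = {}
    for subcat in in_scope:
        items = table.get(subcat, [])
        if not items:
            gaps[subcat] = "missing"
        elif not all(supports for _, supports in items):
            gaps[subcat] = "ineffective"
    return gaps

def action_plan(gaps, risk):
    """Steps 5-6: score each gap and order the plan, highest risk first."""
    rows = []
    for subcat, status in gaps.items():
        likelihood, impact = risk.get(subcat, (5, 5))  # unrated gaps sort to the top
        rows.append((likelihood * impact, subcat, status))
    return sorted(rows, key=lambda row: (-row[0], row[1]))

if __name__ == "__main__":
    table = map_evidence(EVIDENCE)
    for score, subcat, status in action_plan(find_gaps(IN_SCOPE, table), RISK):
        print(f"{subcat:8} {status:12} risk={score}")
```

A single contradicting finding marks a subcategory as ineffective even when a policy document exists, which reflects the difference between a control being documented and a control working.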
Works cited:
1. Conducting a Cybersecurity Framework Gap Self-Assessment. https://www.linkedin.com/pulse/conducting-cybersecurity-framework-gap-kevin-moker. Accessed January 28, 2020.
2. nicole.keller@nist.gov. An Introduction to the Components of the Framework. NIST. https://www.nist.gov/cyberframework/online-learning/components-framework. Published February 6, 2018. Accessed January 28, 2020.
3. nicole.keller@nist.gov. New to Framework. NIST. https://www.nist.gov/cyberframework/new-framework. Published February 5, 2018. Accessed January 28, 2020.
4. NIST CSF Gap Analysis Assessment. Kyber Security. https://kybersecure.com/nist-csf-gap-analysis/. Accessed January 28, 2020.