Security Framework Application

To begin with, an information security framework is a series of agreed, documented and understood procedures, processes, and policies that explain how information is managed in a business to lower the risk and vulnerability and increase confidence in an environment that is always connected (Keller, 2017). This essay will look into the control frameworks and more specifically, the NIST 800-53 cybersecurity framework. This framework has been implemented by the company which I represent, and it was established in the firm’s security architecture design (Pohl, 2017). This framework was chosen because it was able to develop essential controls and necessary processes for cybersecurity. 

There are certain risks that the company could not be able to contemplate due to the vital data that the company owned at the time and even today. The access to this data by unauthorized persons could end up being a disaster even worse than that of Target data breach that occurred in 2013 (Barrett, 2018). The NIST 800-53 was the best security measure that could be established to avoid having this type of scenario that could expose sensitive data, cause financial losses, damage the company’s reputation and damage the company’s market position (Barrett, 2018). 

The implementation of this framework was done voluntarily, and it is based on well-known practices and standards. The reason why this framework was put into consideration is that it represents the best current practices in the world of cybersecurity. The implementation process is done through a tiered process or in other words maturity levels from partial to adaptive (Sumathi, 2018). There are about four tiers or maturity levels in the NIST framework, but they are referred to like tools that are used for internal communication (McKnight, 2017). This communication occurs between cybersecurity risk management and operational risk management. In this implementation process, the higher the tier, the higher the degree of sophistication and the maturity in how the cybersecurity responses and risks are managed (McKnight, 2017).

There are specific criticisms that have been highlighted, and they are mostly user-related rather than the infrastructural integrity of the system. The top management has been vocal in indicating how the order has been complicated and that it has led the senior persons in the company to ask the wrong questions concerning the actuarial risks rather than the system’s capabilities to prevent potential attackers (Barrett, 2018). They are not able to learn how it works, and this could lead to a problem because it becomes esoteric and exclusive to the IT department. 

The best way in which this issue could be addressed is by having persons being trained to understand how the system works. This is because once certain information has been placed in the hands of an employee working in this department, it could lead to vulnerability (Pohl, 2017). They can end up manipulating the system without the knowledge of the top brass. There should be a hands-on approach in the way the system is monitored and used. This will ensure that a single person is unable to go out of their way into ruining the company’s reputation by causing sabotage out of spite (Keller, 2017). Therefore, it is highly advised that the top and senior management be able to familiarise themselves with the system as soon as possible to get an in-depth understanding of its functionality, implementation processes and procedures (McKnight, 2017)s. 

Conclusion

The NIST system is highly recommended, and many agencies and institutions have used it. However, the politics surrounding the framework could see other better cybersecurity frameworks being developed. This may be done because the NIST framework is government based and it could be subjected to tampering by agencies such as the NSA.

References

Barrett, M. P. (2018). Framework for improving critical infrastructure cybersecurity. National Institute of Standards and Technology, Gaithersburg, MD, USA, Tech. Rep.

Keller, N (2017). “Cybersecurity Framework Draft Version 1.1”. NIST. Retrieved October 5, 2017.

McKnight, J. (2017). The Evolution of Ransomware and Breadth of its Economic Impact (Doctoral dissertation, Utica College).

Pohl, F., & Schotten, H. D. (2017). Secure and scalable remote access tunnels for the IIoT: an assessment of OpenVPN and IPsec performance. In European Conference on Service-Oriented and Cloud Computing (pp. 83-90). Springer, Cham.Sumathi, K., & Damodaram, R. (2018). Survey and analysis of phishing detection techniques. International Journal of Advanced Research in Computer Science, 9(1).