To begin with, an information security framework is a series of agreed, documented and understood procedures, processes, and policies that explain how information is managed in a business to lower the risk and vulnerability and increase confidence in an environment that is always connected (Keller, 2017). This essay will look into the control frameworks and more specifically, the NIST 800-53 cybersecurity framework. This framework has been implemented by the company which I represent, and it was established in the firm’s security architecture design (Pohl, 2017). This framework was chosen because it was able to develop essential controls and necessary processes for cybersecurity.
There are certain risks that the company could not contemplate because of the vital data that it owned at the time and still owns today. Access to this data by unauthorized persons could end up being a disaster even worse than the Target data breach that occurred in 2013 (Barrett, 2018). The NIST 800-53 was the best security measure that could be established to avoid this type of scenario, which could expose sensitive data, cause financial losses, and damage the company’s reputation and market position (Barrett, 2018).
The implementation of this framework was done voluntarily, and it is based on well-known practices and standards. The framework was considered because it represents the best current practices in the world of cybersecurity. Implementation proceeds through tiers, in other words maturity levels, from partial to adaptive (Sumathi, 2018). There are about four tiers or maturity levels in the NIST framework, but they are referred to as tools that are used for internal communication (McKnight, 2017).
There are specific criticisms that have been highlighted, and they are mostly user-related rather than the infrastructural integrity of the system. The top management has been vocal in indicating how the order has been complicated and that it has led the senior persons in the company to ask the wrong questions concerning the actuarial risks rather than the system’s capabilities to prevent potential attackers (Barrett, 2018). They are not able to learn how it works, and this could lead to a problem because it becomes esoteric and exclusive to the IT department.
The best way to address this issue is to train people to understand how the system works. This is because once certain information has been placed in the hands of an employee working in this department, it could lead to vulnerability (Pohl, 2017). That employee can end up manipulating the system without the knowledge of the top brass. There should be a hands-on approach to the way the system is monitored and used. This will ensure that a single person is unable to go out of their way to ruin the company’s reputation by causing sabotage out of spite (Keller, 2017). Therefore, it is highly advised that the top and senior management familiarise themselves with the system as soon as possible to get an in-depth understanding of its functionality, implementation processes and procedures (McKnight, 2017).
Conclusion
The NIST system is highly recommended, and many agencies and institutions have used it. However, the politics surrounding the framework could see other, better cybersecurity frameworks being developed. This may be done because the NIST framework is government-based and could be subjected to tampering by agencies such as the NSA.
References
Barrett, M. P. (2018). Framework for improving critical infrastructure cybersecurity.
Keller, N. (2017). “Cybersecurity Framework Draft Version 1.1”. NIST. Retrieved October 5, 2017.
McKnight, J. (2017).
Pohl, F., & Schotten, H. D. (2017). Secure and scalable remote access tunnels for the IIoT: an assessment of OpenVPN and IPsec performance. In European Conference on Service-Oriented and Cloud Computing (pp. 83-90). Springer, Cham.
Sumathi, K., & Damodaram, R. (2018). Survey and analysis of phishing detection techniques.