Journal Free Write #2

Journal Entry #2

A framework, in general terms is a supporting structure. You could say that the skeleton is  a framework of the human body, or rebar is a framework for a building. In programming terms, a  framework is a general abstraction that provides a standard program that lets the user insert their  own code for project specific functionality, similar to a default template. Frameworks are useful  because they create a broad template usable by a wide range of users who can tailor the specific  details to their own individual needs. The framework created by NIST provides “…a common  language for understanding, managing, and expressing cybersecurity risk, and is a tool for  aligning policy, business, and technological approaches to managing that risk” ​(“Framework for  improving critical infrastructure cybersecurity”, 2018, p. 6).  It has five specific functions for people  using the framework to step through simultaneously. The first step is Identify, things like risk  assessment and asset management fall under this. Identify risks to the entity’s assets. Next is to  protect, fairly self explanatory; come up with safeguards to make sure your services can be  delivered.  Detect is a third function, and this entails creating ways to let you know when a  cybersecurity breach occurs; monitor your network continuously. Next is Respond which is, again,  self explanatory. How do you respond to a cybersecurity event? Do you hold an internal meeting  to discuss the incident, who analyzes the breach and the ramifications of it? How do you improve  on your current monitoring and/or security practices in place to prevent this kind of breach in the  future? The last function listed in the Framework is Recover: get your services back up and  running to pre-breach functionality. Again, these five functions are meant to be done at the same  time, they’ve just been listed in this order for simplicity’s sake. These functions are meant to  create a path for assessing your risks, putting security in place, and then responding and  recovering to any form of cybersecurity event.

 

Reference

  • United States of America, National Institute of Standards and Technology. ​Framework for  improving critical infrastructure cybersecurity ​ (p. 6).