Nathan Guman
202420_SPRING_CYSE200T_32776
CYSE-200T – Cybersecurity, Technology & Society
AI assignment 1
Due Wed Feb 16, 2025 11:59pm
TASK:
Use Microsoft Word for this assignment.
In this assignment, you will go to your favorite AI tool (ChatGPT, Gemini, Copilot, or others) and examine the differences between the previous 1.1 version of the NIST Cybersecurity Framework and the latest 2.0 release. This exercise requires you to conduct external research as to why NIST thought these enhancements to such a widely popular framework were necessary.
Here is a suggested PROMPT (you can modify it as you wish):
I need a one-page synopsis of the differences between the NIST Cybersecurity Framework 1.1 and 2.0
DELIVERABLE
1. First, copy the resulting answer from your prompt and paste it into a Word document.
2. Use the “Paste As” function and select “Formatted Text RTF”.
3. Clean up the document, removing extraneous info, but be sure to leave the prompt.
4. For each of the differences, insert a comment on your take as to WHY this change was needed. 3 to 5 sentences will be enough (Instructions).
5. Print the document, along with your comments, to a PDF file (Instructions).
6. Post the printed PDF to this assignment.
Response
Nathan Guman
CYSE 200T
February 12, 2025
Prompt:
I need a one-page synopsis of the differences between the NIST Cybersecurity Framework 1.1 and 2.0
NIST 1.1 to 2.0
The NIST Cybersecurity Framework (CSF) has undergone significant updates from version 1.1 to 2.0, reflecting the evolving cybersecurity landscape. Below is a concise overview of the key differences between the two versions:
- Expanded Scope and Integration
• Global Applicability: Version 2.0 broadens the framework’s focus beyond U.S. critical infrastructure to encompass organizations worldwide, acknowledging the universal nature of cybersecurity threats.
• Integration with Other Frameworks: The updated version provides guidance on aligning with various cybersecurity frameworks, standards, and guidelines, facilitating a more cohesive cybersecurity strategy.
o Version 1.1 focused entirely on U.S. infrastructure and the U.S. approach to cybersecurity. In my opinion the change was an attempt to further integrate the U.S., European, and Western countries’ approaches to cybersecurity. Interoperability and standardization are among the biggest overall objectives across the cybersecurity world.
- Introduction of the ‘Govern’ Function
• New Core Function: Version 2.0 introduces ‘Govern’ as a core function, emphasizing the importance of governance and leadership in cybersecurity management. This addition underscores that cybersecurity is integral to an organization’s governance and strategic planning.
o NIST 2.0 elevates Govern to the sixth core function. In my opinion it was added to establish a minimal legal liability framework organizations are expected to adhere to. Govern is all about risk management and risk ownership. Govern sits as a base on which the other 5 core functions sit, requiring oversight and ownership at every level.
- Emphasis on Continuous Improvement and Integration
• Improvement Category: Version 2.0 introduces an ‘Improvement’ category within the ‘Identify’ function, highlighting the need for continuous enhancement of cybersecurity practices.
• Alignment with Enterprise Risk Management (ERM): The framework now emphasizes better integration with ERM, aligning cybersecurity risk management more closely with broader organizational risk management practices.
o NIST 2.0 was all about streamlining and interoperability. This includes interoperability with how businesses and organizations already did things. ERM was already in place for many organizations. By including cybersecurity in a continuous improvement and risk management scheme, it more easily makes cybersecurity a formalized and essential part of the organization. It is just like any other risk.
- Enhanced Profiles and Tiers
• Organizational Profiles and Tiers: CSF 2.0 expands on the concept of Organizational Profiles and Tiers, helping organizations describe their current and target cybersecurity postures and assess their progress. The Tiers characterize the rigor of an organization’s cybersecurity practices, with a clear path from ‘Partial’ to ‘Adaptive’ practices.
o This addition allowed more specificity in how cybersecurity goals and practices could be measured and achieved in a structured way. Oftentimes with new technologies, organizations say they want more of the latest thing but have no real way to measure how to include it. For example, everyone seems to want AI involved in their business now, but often AI is not the best option or is even counterproductive to the organization’s goals. Having clear goals and articulated objectives allows for measurable interrogation.
- Implementation Examples and Informative References
• Practical Guidance: The updated framework includes ‘Implementation Examples’ and ‘Informative References’ to provide organizations with practical guidance on achieving the framework’s subcategories, bridging the gap between theory and practice.
o Standardization and interoperability continue to be the goal for NIST 2.0. By providing examples of how things can be reported or referenced, it allows for seamless integration. Instead of saying “more cybersecurity,” a company can mandate that certain tasks be done when certain criteria are met. These are actionable work tasks and items for real-world events.
These updates in NIST CSF 2.0 aim to provide a more comprehensive, globally applicable, and actionable framework for organizations to enhance their cybersecurity posture.