Evaluating The Implementation of NIST Cybersecurity Framework (version 1.1)
As part of the University’s implementation of the NIST Cybersecurity Framework, an organization-wide security assessment resulted in a prioritized data security mitigation and remediation plan –which became a launch point for an ongoing dialogue on a more holistic approach to security issues in general.
Situation:
The University of _ – with 5,400 faculty members serving 16 schools on five campuses and close ties to the University of _ Medical Center – ranks in the very top cluster of U.S. public research universities. The decentralized nature of cybersecurity management made it challenging for the University’s central IT organization to understand and manage multiple cybersecurity risk efforts and plans.
Drivers:
The need to meet cybersecurity needs associated with managing federal grant recipients while alleviating complexity.
Process:
_ Information Technology initiated a three-step hybrid approach, which builds an environment for those needing NIST 800-171 compliance and fits within the Cybersecurity Framework, as the basis for all risk assessment across the University.
Lessons Learned:
Departments that did not embrace the initial pilot Information Technology risk assessment process due to its complexity would welcome a process organized along the lines of the Cybersecurity Framework and NIST 800-171.
Adopting specific guidelines like NIST 800-171 could actually make requirements for compliance easier to communicate and more widely accepted.
Note: _
Case Study Questions:
Explain three ways how the Framework offers a flexible way to address cybersecurity, including cybersecurity’s effect on physical, cyber, and people dimensions.
Explain three ways how the Framework can assist organizations in addressing cybersecurity as it affects the privacy of customers, employees, and other parties.
For This or a Similar Paper Click Here To Order Now
