NIST Cybersecurity Framework

The National Institute of Standards and Technology is a US governmental institution (part of the US Department of Commerce). The NIST Cybersecurity Framework was initially published in 2014 (v1.0) and updated in 2018 (v1.1, current).

The NIST Cybersecurity Framework was written to provide guidance to US Federal agencies and US operators of critical infrastructure on the management and reduction of cybersecurity risk within their organisations. It is based on existing standards and guidance, notably the International Standard for Information Security (ISO 27001) and the International Standard series for Industrial communication networks - IT security for networks and systems (ISA/IEC 62443 series). While the origin of the framework is US-based, it has seen widespread adoption, particularly in the financial and telecommunications business sectors.

The NIST Framework approach to cybersecurity is closely aligned with that taken by the EU Network and Information Systems (NIS) Directive (implemented in the UK as the NIS Regulations) for operators of essential services (OES) and digital service providers (DSP). Its 5 core cybersecurity functions of Identify, Protect, Detect, Respond and Recover are mirrored in the NIS Regulations requirements for Managing security risks, Protecting against cyber attack, Detecting cybersecurity events and Minimising the impact of cybersecurity incidents. The NIS Regulations objectives are supported by the UK National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF) document.

Method Cyber Security Limited are well versed in current International Standards and best-practice guidance but advise the use of the National Cyber Security Centre Cyber Assessment Framework as the de facto UK standard for security assessment.


 


Title: NIST Cybersecurity Framework
Date: 2021-06-24
Published by: Method Cyber Security


