Peer Response HSE 350
Instructor (Need a response as well): Good work addressing the role of the NIST. I believe the monitoring phase is especially important. How has cybersecurity changed over the past ten years?
Response #1 (Audrey): NIST uses a variety of techniques and standards to protect federal networks from cybersecurity and privacy risks. For example, The NIST Cybersecurity Framework which provides a set of guidelines and best practices for managing cybersecurity risk in a consistent and effective way. The Risk Management Framework provides a comprehensive, flexible, repeatable, and measurable 7-step process for managing information security and privacy risk for organizations and systems. The NIST also provides the Privacy Framework, and other factors like Cybersecurity Supply Chain Risk Management and the workforce framework. Recently one of the t initiatives by NIST is to develop an Artificial Intelligence Risk Management Framework, which aims to improve the management of risks to individuals, organizations, and society associated with artificial intelligence The AI-RMF is intended to be compatible with the existing NIST frameworks, such as the CSF and the RMF, and to address the specific challenges and opportunities posed by AI. There are many different technologies and standards they use these are just some prime examples and what job they fulfill. The Enhanced Risk Management Models are also used by NIST are based on the concept of integrating cybersecurity and enterprise risk management. This means that cybersecurity risk is not treated as a separate or isolated issue, but rather as part of the overall risk management strategy of the organization. By aligning cybersecurity objectives with business objectives, organizations can better prioritize their resources, communicate their risk posture, and achieve their desired outcomes.
The Enhanced Risk Management Models are designed to be practical and adaptable to different contexts and needs. They are not prescriptive or one-size-fits-all solutions, but rather provide a common language and framework for understanding and managing risk. They also leverage existing standards and guidelines, such as the NIST SP 800 series, to support implementation of risk management programs. However, like any model or framework, they are not perfect or complete.
Response #2 (Hudson): The National Institute of Standards and Technology (NIST) works in many ways to ensure the highest standard for safety and constantly improve and work to be better. NIST constantly works to create and follow standards that work to ensure the highest level of safety to protect federal networks. One thing that NIST does to help with security is engage with stakeholders and the public very often to make sure that they have systems that work to address the main problems and help to improve security measures. NIST has different activities and techniques within the realm of cybersecurity that are focused on specific needs and can make a positive difference. NIST listed specific priorities that include, “cryptography, emerging technologies, enhanced risk management, identity and
access management, cybersecurity measurements, privacy, trustworthy networks, trustworthy
platforms, and education, training, and workforce development” (NIST Cybersecurity, 2022). Some standards that NIST has help with their overall function and success such as being open and transparent, being collaborative, being practical, and most importantly forward-thinking to stay ahead of the issue. NIST does a great job of working with everyone in both the private and public sector to ensure optimal success (NIST Cybersecurity, 2022). Upon evaluating the Enhanced Risk Management Model, a basic overview recommended that stakeholders create Integrated Cybersecurity and Enterprise Risk Management, NIST Cybersecurity Framework, Risk Management Framework, Privacy Framework, and Cybersecurity Supply Chain Risk Management (NIST Cybersecurity, 2022). In my opinion I think that these models are very practical and work very well. Although there is constant need for improving NIST does a great job of maintaining constant improvements and keeping systems, techniques, and standards up to date with the needs of all levels. These models play a crucial role when it comes to assisting organizations in both the public and private sector and help to increase their level of cybersecurity and risk management. These models give a very structured and secure not to mention safe way of managing cybersecurity risks. These models work together in a great way to improve the safety of infrastructure and remain on top of cybersecurity threats. With the implement of constant improvement and upgrading while at the same time providing risk management there is a very strong security wall set in place.
References:
NIST Cybersecurity & Privacy Program Extended Fact Sheet. (2022, July). https://www.nist.gov/system/files/documents/2022/07/21/Extended%20Cybersecurity%20Vitals%20Fact%20Sheet.pdf
Must be 100 words each
Instructor response does NOT have to be 100 words
See Rubric for details
