book

NIST CSF 2.0 - Your essential introduction to managing cybersecurity risks

by Andrew Pattison

February 2025

Beginner to intermediate

94 pages

1h 27m

English

IT Governance Publishing

Read now

Unlock full access

Origins of the CSFThe NIST Cybersecurity Framework
Relevant factors and variablesImplementation benefitsStructure
FunctionsCategoriesSubcategoriesFramework profilesFramework implementation tiers
Informative referencesNIST SP 800-53Implementation examplesQuick-start guides

GovernIdentifyProtectDetectRespondRecover
MethodologiesRisk responsesNIST Risk Management Framework
Step 1: Determine objectives, priorities, and scopeStep 2: Identify assets and risksStep 3: Create a current profileStep 4: Conduct a risk assessmentStep 5: Create a target profileStep 6: Perform a gap analysis and develop an action planStep 7: Implement the action planContinual improvementDecision-making and implementation responsibilities
ISO 27001ISO 22301Combining ISO 27001, ISO 22301, and the CSF

Content preview from NIST CSF 2.0 - Your essential introduction to managing cybersecurity risks

CHAPTER 2: FRAMEWORK CORE

The framework core (‘core’) defines the high-level cybersecurity functions that protect your organization. It takes a structured approach to managing cybersecurity risk and outlines the key outcomes of implementing the framework. The core has three elements:

1. Functions

2. Categories

3. Subcategories

Figure 1 illustrates the core structure.⁷

This figure is a flowchart. At the top, there is a rectangle shape labelled ‘Cybersecurity Framework Core’. Underneath this, there are three blue lines that lead to three separate pale blue rectangle shapes. The first rectangle shape is on the left-hand side and is labelled ‘Functions’. The second rectangle shape is in the middle and is labelled ‘Categories’. The third rectangle shape is on the right-hand side and is labelled ‘Subcategories’. ‘Functions’, ‘Categories’ and ‘Subcategories’ are the three core elements of the CSF. A blue line flows from the ‘Functions’ shape to a smaller yellow rectangle shape underneath it. This yellow rectangle is labelled ‘Govern’. A blue line connects ‘Govern’ to a blue rectangle underneath it labelled ‘Identify’. A blue line connects ‘Identify’ to a purple rectangle underneath it labelled ‘Protect’. A blue line connects ‘Protect’ to an orange rectangle underneath it labelled ‘Detect’. A blue line connects ‘Detect’ to a red rectangle underneath it labelled ‘Respond’. A blue line connects ‘Respond’ to a green rectangle underneath it labelled ‘Recover’. The rectangles: ‘Govern’, ‘Identify’, ‘Protect’, ‘Detect’, ‘Respond’ and ‘Recover’ exist within a blue lined perimeter. Returning to the ‘Categories’ core element, a vertical blue line connects this shape to six grey rectangle shapes underneath it. The first two grey rectangles each have a blue line that exits their left-hand side, and reaches the blue perimeter next to the ‘Identify’ rectangle on the left-hand side. The third and fourth grey rectangles each have a blue line that exits their left-hand side, and reaches the blue perimeter next to the ‘Detect’ rectangle on the left-hand side. The fifth and sixth grey rectangles each have a blue line that exits their left-hand side, and reaches the blue perimeter next to the ‘Recover’ rectangle on the left-hand side. Underneath the third core element rectangle ‘Subcategories’, there are eight light grey rectangles. These eight rectangles are not connected to each other, but the first four have blue lines that exit their left-hand side and connects each of them to the second grey rectangle underneath the ‘Categories’ core element. The last four light grey rectangles have a blue line that exit their left-hand side and connects them to the sixth grey rectangle underneath the ‘Categories’ core element. — **Figure 1: Framework Core Structure**

Functions

The core contains six functions that outline key cybersecurity outcomes:

1. Govern: Understand the context in which the organization operates. Define policies, roles and responsibilities, risk management strategies, and oversight mechanisms, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks

Alan Calder

Cybersecurity and Third-Party Risk

Gregory C. Rasner

A Comprehensive Guide to the NIST Cybersecurity Framework 2.0

Jason Edwards

From ChatGPT to HackGPT: Meeting the Cybersecurity Threat of Generative AI

Karen Renaud, Merrill Warkentin, George Westerman

Publisher Resources

ISBN: 9781787785687Publisher Website