Cyber Security Framework: Components, Tiers, and Stakeholders

Verified

Added on 2023/06/10

AI Summary

This document provides a comprehensive solution to a Cyber Security Framework assignment, addressing key questions about its importance, components, stakeholders, and implementation tiers. The solution begins by explaining the significance of the CSF in providing a common language and systemic methodology for managing cybersecurity risks, emphasizing its role in building a flexible cybersecurity strategy. The assignment then delves into the three core components of the CSF: Implementation Tiers, Framework Core, and Profiles, detailing their functions and how they contribute to risk reduction and organizational alignment. Furthermore, the solution identifies the key stakeholders involved in the implementation process, highlighting the roles of government and private entities. Finally, the assignment concludes by explaining the four tiers of the framework and why management should care, emphasizing their role in integrating cybersecurity risk decisions and ensuring the organization meets its goals for a risk-free environment. References are also provided to support the arguments.

Running head: CYBER SECURITY
Cyber Security
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1CYBER SECURITY
Question 1.
Why is CSF important? Why was it created?
Ans. The CSF or the Cyber Security Framework is important because it provides a language
that is common for all and a methodology that is systemic to manage the risk that are
associated with the cybersecurity. The cyber security framework have several core activities
that is perfectly made for meeting the requirements of the organizations (Choo 2014). One
thing have to keep in mind that the implementation of the cyber security framework only
compliment the program of the cyber security and it will not change or replace the
organizations program of the cyber security.
In the recent time, the cyber security framework has become very important in the
field of the dynamic threat environment which build a flexible cyber security strategy for the
organizations that can grow continuously to reduce the risk in the company. This framework
is created to provide opportunities to the organizations to search the risk in the organisation
and mitigate the risks accordingly.
Question 2.
What are the three components of CSF? Denote and briefly explain.
Ans. The three components of the Cyber Security Framework are
1. Implementation Tiers
2. Framework Core
3. Profiles
The first component of the cyber security framework is the implementation tier. The
tiers shows that the degree of the framework. It exhibits the characteristics of the

2CYBER SECURITY
cybersecurity. Four tiers are there starting from Partial that is the 1st tier and ending with
the Adaptive tier that is the tier 4. Tier 2 and the Tier 3 are risk informed and repeatable
respectively (Barrett et al., 2017). The tiers reduces the level of risks for the
organisations.
The second component of the framework is Core. The core consists of several
activities of the framework and the result are categorized and organized in some
references that are informative. The core consists of 5 functions, identify, protect, detect,
respond and recover. These functions are not only limited to the risk management of the
cybersecurity but the other kind of risk management also can be done by these functions
(Scofield 2016). The five functions also further expand to a number of 23 categories.
The third component of the framework is Profiles. Profiles are the unique alignments
of the organizations which are the objective and the requirements of the organization and
the resources that are against the framework’s outcomes. The profile identified by
comparing the two code like the Current and Target of the profile.
Question 3.
Who are the key stakeholders in the implementation process?
Ans. There are two primary or key stakeholders for the cyber security implementation
frame work are mainly government and private entities. The two stakeholders has their own
capabilities and different cost factors (Shackelford et al., 2014). The government stakeholders
can be divided into two sub parts, one is the government contractors another are civilians.
The cyber security framework implementation is more accurate in the private sector. As the
government stakeholders are not investing in the government sectors. The government
stakeholders are the contrast of the private key holders. As the result cyber security
framework lacks the proper maintenance for the sustainable cyber security framework

3CYBER SECURITY
(Shackelford et al., 2015). The more stakeholders puts their money on the framework the
more framework will be sustainable to provide security to mitigate the cyber security scopes
in the organization.
Question 4.
What are the four tiers of the framework and why should management care.
Ans. The four tiers that the cyber security framework consist are:
 Tier 1 (Partial)
 Tier 2(Risk Informed)
 Tier 3 (Repeatable)
 Tier 4 (Adaptive)
The range of the tier is from Tier 1 to Tier 4 and these tiers describes the rigor degree
that is increasing, it make sure that the decisions of the cybersecurity risks must be well
integrated for taking the much bigger decisions, and some certain degree that the
company or the organization receives and shares the information of the cybersecurity
from the external parties. It is not necessary that the tiers will be only represented in the
maturity levels. The management of the organization must determine the tire that is
desired to make sure that the organization meet the goals on the selected level (Dedeke
2017). This also reduces the risks that are associated with the cybersecurity for levelling
the acceptable of the organization. The implementation is feasible for the management of
the organization. It is necessary for the management of the organization to maintain this
properly in order to successfully reduce the risks that are related to the cyber security to
provide the organization risk free environment.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4CYBER SECURITY
Referencs:
Barrett, M., Marron, J., Pillitteri, V. Y., Boyens, J., Witte, G., & Feldman, L. (2017). The
Cybersecurity Framework.
Choo, K. K. R. (2014). A conceptual interdisciplinary plug-and-play cyber security
framework. In ICTs and the Millennium Development Goals (pp. 81-99). Springer,
Boston, MA.
Dedeke, A. (2017). Cybersecurity Framework Adoption: Using Capability Levels for
Implementation Tiers and Profiles. IEEE Security & Privacy, (5), 47-54.
Scofield, M. (2016). Benefiting from the NIST cybersecurity framework. Information
Management, 50(2), 25.
Shackelford, S. J., Proia, A. A., Martell, B., & Craig, A. N. (2015). Toward a global
cybersecurity standard of care: Exploring the implications of the 2014 NIST
cybersecurity framework on shaping reasonable national and international
cybersecurity practices. Tex. Int'l LJ, 50, 305.
Shackelford, S., Proia, A., Martell, B., & Craig, A. (2014). Toward a Global Cybersecurity
Standard of Care? Exploring the Implications of the 2014 NIST Cybersecurity
Framework on Shaping Reasonable National and International Cybersecurity
Practices.