Executive's Guide to Cyber Risk by Moyo Siegfried;
Author:Moyo, Siegfried; [Moyo, Siegfried]
Language: eng
Format: epub
Publisher: John Wiley & Sons, Incorporated
Published: 2022-07-11T00:00:00+00:00
2.3 3 FRAMEWORK PROFILE
The Framework Profile (âProfileâ) is the alignment of the Functions, Categories, and Subcategories with the business requirements, risk tolerance, and resources of the organization. A Profile enables organizations to establish a roadmap for reducing cybersecurity risk that is well aligned with organizational and sector goals, considers legal/regulatory requirements and industry best practices, and reflects risk management priorities. Given the complexity of many organizations, they may choose to have multiple profiles, aligned with particular components and recognizing their individual needs.
Framework Profiles can be used to describe the current state or the desired target state of specific cybersecurity activities. The Current Profile indicates the cybersecurity outcomes that are currently being achieved. The Target Profile indicates the outcomes needed to achieve the desired cybersecurity risk management goals. Profiles support business/mission requirements and aid in communicating risk within and between organizations. This Framework does not prescribe Profile templates, allowing for flexibility in implementation.
Comparison of Profiles (e.g., the Current Profile and Target Profile) may reveal gaps to be addressed to meet cybersecurity risk management objectives. An action plan to address these gaps to fulfill a given Category or Subcategory can contribute to the roadmap described above. Prioritizing the mitigation of gaps is driven by the organization's business needs and risk management processes. This risk-based approach enables an organization to gauge the resources needed (e.g., staffing, funding) to achieve cybersecurity goals in a cost-effective, prioritized manner. Furthermore, the Framework is a risk-based approach where the applicability and fulfillment of a given Subcategory is subject to the Profile's scope.
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Cryptography | Encryption |
Hacking | Network Security |
Privacy & Online Safety | Security Certifications |
Viruses |
Effective Threat Investigation for SOC Analysts by Yahia Mostafa;(5794)
Practical Memory Forensics by Svetlana Ostrovskaya & Oleg Skulkin(5495)
Machine Learning Security Principles by John Paul Mueller(5465)
Attacking and Exploiting Modern Web Applications by Simone Onofri & Donato Onofri(5141)
Operationalizing Threat Intelligence by Kyle Wilhoit & Joseph Opacki(5136)
Solidity Programming Essentials by Ritesh Modi(3610)
Microsoft 365 Security, Compliance, and Identity Administration by Peter Rising(3242)
Mastering Azure Security by Mustafa Toroman and Tom Janetscheck(3226)
Mastering Python for Networking and Security by José Manuel Ortega(3224)
Future Crimes by Marc Goodman(3219)
Blockchain Basics by Daniel Drescher(3184)
Operationalizing Threat Intelligence by Joseph Opacki Kyle Wilhoit(2954)
Mobile App Reverse Engineering by Abhinav Mishra(2785)
Learn Computer Forensics - Second Edition by William Oettinger(2753)
Mastering Bitcoin: Programming the Open Blockchain by Andreas M. Antonopoulos(2742)
From CIA to APT: An Introduction to Cyber Security by Edward G. Amoroso & Matthew E. Amoroso(2677)
The Code Book by Simon Singh(2611)
The Art Of Deception by Kevin Mitnick(2503)
Incident Response with Threat Intelligence by Roberto Martínez(2456)
