10. Intro to Security Regulations Exercise
For this exercise, you are to explore the NIST Computer Security Resource Center (CSRC) Special Publications found at https://csrc.nist.gov/publications/sp. NIST is chartered to provide information security and data privacy standards and guidelines, which are contained in its Special Publications. The 800 Series are the ones dedicated to security.
NIST Special Publications
QUIZ QUESTION:
Go to the NIST Special Publications SP 800 Series website: https://csrc.nist.gov/publications/sp800. Using that website, match the title of the Special Publication with its SP number. You don't need to be concerned about the version or revision number.
ANSWER CHOICES:
| SP Number | SP Title |
|---|---|
| SP 800-171 | |
| SP 800-160 | |
| SP 800-63-3 | |
| SP 800-53 | |
| SP 800-61 | |
SOLUTION:
| SP Number | SP Title |
|---|---|
| SP 800-61 | |
| SP 800-171 | |
| SP 800-53 | |
| SP 800-160 | |
| SP 800-63-3 | |
Reflect on NIST SPs
QUESTION:
From the NIST Special Publications SP 800 Series website, pick one of the publications and explain what it contains and how you would use it. Below are some examples for you to explore:
- NIST SP 800-210 (Draft) - General Access Control Guidance for Cloud Systems
- NIST SP 800-181 - National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework
- NIST SP 800-61 Rev. 2 - Computer Security Incident Handling Guide
ANSWER:
Answers may vary. NIST Special Publications are used throughout cybersecurity. Use this as an opportunity to understand how they can help you as a security professional, and how they can help your organization secure its infrastructure.
- NIST SP 800-210 presents an initial step toward understanding security challenges in cloud systems by analyzing the access control (AC) considerations in all three cloud service delivery models—Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
- NIST SP 800-181 describes the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework), a reference structure that describes the interdisciplinary nature of the cybersecurity work. It serves as a fundamental reference resource for describing and sharing information about cybersecurity work and the knowledge, skills, and abilities (KSAs) needed to complete tasks that can strengthen the cybersecurity posture of an organization.
- NIST SP 800-61 assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively. This publication provides guidelines for incident handling, particularly for analyzing incident-related data and determining the appropriate response to each incident.