4.1: Description and Objectives
Description
This module covers cybersecurity for critical infrastructure and risk management. It introduces the NIST Cybersecurity Framework, the structure of the framework, and how it is used. It also describes the framework's risk management processes: framework basics, structure, and a business process management approach to implementing and applying the framework.
Objectives
- Describe basic security service principles (confidentiality, integrity, availability, and authentication) and their relative importance to critical infrastructure (CI) systems.
- Explain basic risk management principles.
- Identify various risk management frameworks and standards, such as the NIST Cybersecurity Framework and the North American Electric Reliability Council (NERC).
- Describe how to use the Framework Core process.
- Describe how to use the Framework Implementation Tiers to identify cybersecurity risk and the processes necessary to effectively manage that risk.
- Describe the Cybersecurity Framework Assessment Process Model.
- Demonstrate an understanding of how the framework process holistically manages risk.