
Posted: January 31st, 2023

Cyber threats

In this assignment, students will review the NIST Cybersecurity Framework and the ISO 27001 certification process. In a visual format (such as a table, diagram, or graphic), briefly explain the differences, similarities, and intersections between the two. Then, present the following in 750-1,000 words:

A brief description of the NIST Cybersecurity Framework
A brief description of the ISO 27001 certification process
The number of controls/sub-controls in the NIST CSF and the ISO 27001 framework that support protections around computer and cyber forensics
An explanation of why organizations should base their security program strategy and decisions on this framework and/or certification
An explanation of why ISO 27001 has rapidly become an industry best practice/standard on which organizations base their cybersecurity programs (including value-add, cost, and pros/cons)
Make sure to reference academic or official NIST publications (most current year available via the Internet) or other relevant sources published within the last 5 years.

Prepare this assignment according to the guidelines found in the APA Style Guide, located in the Student Success Center.

This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.

Cyber threats have become rampant as technology advances, which makes protecting computer systems a necessity. Whether personal, business, or organizational, data held in computer systems needs to be kept safe from theft and damage. The government has put in place cybersecurity policies, standards, and regulations that users of computer systems must follow in order to improve data safety and integrity.
NIST Cybersecurity Framework
The National Institute of Standards and Technology (NIST) Cybersecurity Framework was designed by the United States government. It is a policy framework that provides computer security guidance on how private-sector organizations can assess and improve their ability to identify, prevent, and quickly respond to cyberattacks (Barrett, 2018). Its establishment in 2014 was a response to the need to improve critical infrastructure cybersecurity through a standardized framework within the United States.
The NIST framework is organized into three parts: the Framework Core, the Implementation Tiers, and the Framework Profiles (Almuhammadi & Alsaleh, 2017). The Framework Core comprises a set of cybersecurity activities, outcomes, and references that are significant across various sectors and critical infrastructure. The Framework Profiles enable organizations to align their cybersecurity activities with their goals and resources. The Implementation Tiers work as a mechanism through which organizations can view and understand the nature of their cybersecurity approach.
The NIST Cybersecurity Framework is organized into five main functions that together represent a cybersecurity lifecycle. The first function, Identify, develops an organizational understanding of cybersecurity risk management in relation to the organization's business context and resources. Protect follows, supporting the ability to limit the impact of cybersecurity events on the organization. The third function, Detect, enables timely identification of cyber threats. Respond then follows to contain the impact of a cybersecurity incident. Recover comes last, supporting a timely return to normal operations and minimizing the impact of cyber threats (NIST, 2019).
ISO27001 Certification
The International Organization for Standardization (ISO) is an independent, non-governmental organization that focuses on standards for safe, reliable, and high-quality products and services. ISO 27001 specifies an information security management system (ISMS), a framework of policies and procedures covering an organization's information risk management processes (ISMS, 2019). Certification to ISO 27001 involves 10 steps (Valdevit et al., 2009). Step 1 is preparation, establishing a gap analysis that provides a reliable business case. Step 2 establishes the context, scope, and objectives, which helps to identify both internal and external threat factors. Step 3 establishes a management framework describing the processes needed to meet the implementation objectives of ISO 27001. Step 4 is conducting the risk assessment, followed by Step 5, in which controls are developed to mitigate the identified risks. Step 6 involves training staff on applying the ISO standard. Step 7 involves reviewing and updating the required documentation, followed by Step 8, measuring, monitoring, and reviewing the performance of the ISMS. Step 9 involves conducting an internal audit to ensure that the registration is globally recognized. Step 10 is the certification audit, which verifies conformity with ISO 27001; once all is confirmed, the organization may receive its certification.
Why organizations should consider a framework
The NIST framework is a very significant tool for organizations because it complements existing business and cybersecurity operations. It enables an organization and its business partners to identify gaps within their cybersecurity operations, making it possible to set up privacy programs. Target Profiles enable an organization to make informed decisions when purchasing products and services, since they involve constant communication of cybersecurity requirements with stakeholders and applying a set of cybersecurity requirements to suppliers (Teodoro et al., 2015). The organization then chooses from the list of suppliers based on those cybersecurity requirements.
Why ISO is considered best-practice
ISO 27001 has grown to become one of the most desirable standards because of its ability to minimize information security and data protection risk. By becoming ISO 27001 certified, an organization demonstrates its adherence to regulatory authorities and its seriousness about information security matters (Disterer, 2013). Because ISO 27001 is recognized as best practice, using the standard enables an organization to attract new clients and retain existing business relationships, hence generating more income.

Comparison of NIST CSF versus ISO 27001
| Characteristic | NIST CSF | ISO 27001 |
|---|---|---|
| Similarities | Involves establishment of information security controls | Involves establishment of information security controls |
| Differences | Has five overarching functions in its cybersecurity measures | Contains 10 clauses in its regulations |
| Intersection | Provides organizations with extensive guidance and protection from cyber threats | Provides organizations with extensive guidance and protection from cyber threats |
| Number of controls used to support cybersecurity and cyber forensics | Has 10 controls divided into 5 core functions | Has 114 Annex A controls divided into 14 categories |

The NIST Cybersecurity Framework (NIST CSF) helps to improve security operations and governance for both private and public organizations. It provides guidelines through which the security posture and risk management of organizations may be transformed by using a proactive rather than a reactive approach. ISO 27001 is technology neutral and uses a top-down approach to risk assessment and management. Certification to the ISO 27001 standard is necessary but not compulsory; it is essential for assuring clients and customers that the recommendations have been duly followed.

Almuhammadi, S., & Alsaleh, M. (2017). Information Security Maturity Model for NIST Cyber Security Framework. Computer Science & Information Technology, 51.
Barrett, M. P. (2018). Framework for improving critical infrastructure cybersecurity. National Institute of Standards and Technology, Gaithersburg, MD, USA, Tech. Rep.
Disterer, G. (2013). ISO/IEC 27000, 27001 and 27002 for information security management.
ISMS. (2019). ISO 27001 Information Security Management System. Retrieved from
NIST. (2019). Framework Documents. Retrieved from
Teodoro, N., Gonçalves, L., & Serrão, C. (2015). NIST CyberSecurity Framework Compliance: A Generic Model for Dynamic Assessment and Predictive Requirements. In 2015 IEEE Trustcom/BigDataSE/ISPA (Vol. 1, pp. 418-425). IEEE.
Valdevit, T., Mayer, N., & Barafort, B. (2009). Tailoring ISO/IEC 27001 for SMEs: A guide to implementing an information security management system in small settings. In European Conference on Software Process Improvement (pp. 201-212). Springer, Berlin, Heidelberg.
