ABSTRACT

After reading this chapter and completing the case project, you will

• Have an overview understanding of the Framework for Improving Critical Infrastructure Cybersecurity, including its history, purpose, and benefits;

• Be able to identify and describe each component of the framework core;

• Understand the implementation tier model of the framework and be able to compare that model to similar models used in the ICT industry;

• Understand how the framework uses profiles to aid organizations in creating and assessing their cybersecurity program; and

• Be able to develop a plan for implementing the framework.

Understanding risk management and security frameworks is not a simple accomplishment. With cyberthreats changing on a nearly daily basis, and with them an organization’s business environment and its ability to meet new and changing requirements, the ability to apply new risk strategies is critical. Strategies that are well planned, developed, and documented are applied across the vast array of levels of security needed to evolve and support business operations and risk, not simply as an exercise in complying with local, state, and federal regulations.