LibGuides: TIM-5030 v4: Week 1 Resources

Week 1 Resources

U.S. Dept. of Health & Human Services – Health Information Privacy
U.S. Department of Health & Human Services. Cyber security guidance material. Retrieved from https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity/index.html
This website provides educational materials specifically designed to give HIPAA-covered entities and business associates insight into how to respond to cyber-related security incidents.
NIST CSF: Framework for Improving Critical Infrastructure Security
National Institute of Standards and Technology. (2018, April). Framework for improving critical infrastructure security.
The NIST cybersecurity framework (CSF) focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization's risk management processes. The Framework consists of three parts: the Framework Core, the Implementation Tiers, and the Framework Profiles. The Framework Core is a set of cybersecurity activities, outcomes, and informative references that are common across sectors and critical infrastructure. Elements of the Core provide detailed guidance for developing individual organizational Profiles.
NIST Risk Management Framework (RMF)
National Institute of Standards and Technology. (2021, August). NIST risk management framework. CSRC.
The NIST RMF is important because managing organizational risk is paramount to effective information security and privacy programs; the RMF approach can be applied to new and legacy systems, any type of system or technology (e.g., IoT, control systems), and within any type of organization regardless of size or sector.
How to Know Which NIST Framework to Use
Tracy, R. P. (2017, June 16). How to Know Which NIST Framework to Use. NextGov.com.
CISA Analysis of Risk and Vulnerability Assessments
Cybersecurity & Infrastructure Security Agency (CISA). (n.d.). CISA analysis of risk and vulnerability assessments
This website provides a mapping of various risk and vulnerability assessments (RVAs) to the MITRE ATT&CK® framework. The process used to conduct an RVA is described and a variety of methodologies are discussed.
Cyber Risk Management: Strategic Plan or Afterthought?
Langford, M. (2020). Cyber Risk Management: Strategic Plan or Afterthought? ISSA Journal, 18(10), 18–21.
Benchmarks and Audit Standards
Greene, S. (2020). 32.2 Frameworks and guidance (Lesson 32: Explain the importance of applicable regulations standards or frameworks that impact organizational security posture) [Video]. In CompTIA Security+ SY0-601. Pearson IT Certification.