Cover; Title; Copyright; About the Author; Contents; Introduction; The growing digital ecosystem; Federal responses; Past cyber incidents; The NIST Cybersecurity Framework; Chapter 1: Aims of the Framework; Relevant factors and variables; Implementation benefits; Structure; Chapter 2: Framework core; Functions; Identify; Protect, detect, and respond; Recover; Categories; Subcategories; Informative references; ISO 27001; COBIT; NIST SP 800-53; ISA 62443; CIS CSC; How the core elements interact; Implementation
risk management; Methodologies; Risk responses; NIST's Risk Management Framework
Chapter 3: Framework profilesCurrent profile; Target profile; How the two profiles interact; Chapter 4: Framework implementation tiers; How to view the tiers; Risk management aspects; Risk management processes; Integrated risk management program; External participation; Tier 1: Partial; Tier 2: Risk-informed; Tier 3: Repeatable; Tier 4: Adaptive; How the tiers, profiles, and core interact; Chapter 5: Implementing the Framework; Step 1: Determine objectives, priorities, and scope; Step 2: Identify assets and risks; Step 3: Create a current profile; Step 4: Conduct a risk assessment
Step 5: Create a target profileStep 6: Perform a gap analysis; Step 7: Implement the action plan; Continual improvement; Decision-making and implementation responsibilities; Chapter 6: Alignment with other frameworks; ISO 27001; ISO 22301; Combining ISO 27001 and ISO 22301; Appendix: Key changes from Version 1.0 to 1.1; Glossary; Further reading