Reference no: EM133140452
Question - Based on your performance on other projects, your supervisor has asked you to make a presentation to existing employees and a few who were recently hired. Specifically, your supervisor wants these employees to learn the evolution of the NIST Cybersecurity Framework, initiated by President Obama's Executive Order 13636, Improving Critical Infrastructure in Cybersecurity, dated February 12, 2013. Knowing that the employees will include accounting, auditing, and new staff members, you feel excited to be responsible for preparing the training materials. Given the diversity of the group, the training materials must be basic enough to teach the new hires, yet complex enough to challenge the existing accounting and auditing personnel.
You recall from your graduate program at UMUC that the NIST framework was the first attempt by the federal government and private sector to develop mutually acceptable voluntary best practices that all organizations could use to protect their assets. Development of the NIST framework was a monumental task given that it was designed to be implemented in organizations of any size and in any industry. Furthermore, the federal government and private sector organizations fully understood that U.S. critical infrastructure sectors (there are 16 sectors) supporting the interests of business owners also needed protection for the good of the country.
The cost-benefit constraint was central to the development of the NIST Cybersecurity Framework 1.0, which was published on February 12, 2014. This first iteration was developed through consensus to be a voluntary benchmarking tool. A few years later, in May 2017, President Trump issued his first executive order on cybersecurity, requiring all government agencies and their information systems contractors to manage using the NIST Cybersecurity Framework. NIST published the first update to its framework by releasing the NIST Cybersecurity Framework 1.1 in April 2018. This 2018 version includes a new section on supply chain management issues. Further, the framework is now referred to as a maturity model.
Steps to Completion
1. Review the NIST Cybersecurity Framework on the NIST Website. Updates to the NIST Cybersecurity Framework are made regularly. Thus, do not assume the Framework hasn't changed since you last read it.
2. Research the NIST Cybersecurity Framework to determine why it is referred to as the maturity model.
3. Make a timeline of the evolution of the NIST Cybersecurity Framework.
4. Discuss the five core functions and categories, which are referred to as the Core.
5. Distinguish between the four implementation tiers of organizational competence and the criteria for measuring levels of organizational cybersecurity maturity.