Steps of NIST framework
Compiling a computer security plan is an essential undertaking for every organization. It protects information and critical resources from being compromised, which mitigates business risk and in turn protects the organization's investments and opportunities (Puhakainen and Siponen, 2010, pp.757-778). A computer security plan is produced by summarizing the information system and describing the security controls in place to meet the organization's requirements. The selected controls must be documented in the system security plan. This article compiles a computer/information security plan for a company with reference to the documentation of the National Institute of Standards and Technology (NIST).
- NIST Framework
The NIST Cybersecurity Framework (CSF) was designed to improve the cyber security of critical infrastructure. It is widely used as a resource for improving the security governance and operations of both public and private organizations (Ross, McEvilley and Oren, 2018, p.14). The framework core is divided into five functions:
- Identify: enables the organization to understand how to manage cyber security risk to its systems, data and other assets.
- Protect: covers the development and implementation of safeguards that keep systems, data and other assets safe.
- Detect: provides guidance for developing and implementing activities that identify security events.
- Respond: covers the development and implementation of activities to take action on a detected security event.
- Recover: covers the development and implementation of activities that maintain resilience and restore any capabilities or services impaired by a security event.
This particular computer security plan will, however, focus on the third function of the NIST framework, Detect. The Detect function is subdivided into three categories, which the following scenario concentrates on: Anomalies and Events, Security Continuous Monitoring, and Detection Processes.
The NIST framework supports both improving an existing cyber security program and establishing a new one. Since BURP is a start-up firm, as illustrated in the scenario script, its program will be built as a new one through the following procedure (Cybersecurity, 2014, p.14; Shen, 2013, p.16).
Step 1: Prioritize and scope
In this step, all the important elements that enable compliance and successful cyber security resilience are identified. These include the organization's desired security baseline, its maturity and its readiness. Another significant element is the set of standards that will guide the organization's activities; the most appropriate framework for the organization is COBIT, as it provides the foundation on which the regulations governing computer security for the organization will be laid. Other elements to be identified are the system, the network and the other critical information technology assets.
Implementing the NIST framework in BURP
Step 2: Orient
After prioritizing and scoping the cyber security program for BURP's line of business, the related systems, assets and other requirements will be identified, after which the threats to and vulnerabilities of those systems and assets will be identified.
Step 3: Create a current profile
This step involves developing the current profile. At this stage, the Detect function and its three categories identified in the previous section of this article (Anomalies and Events, Security Continuous Monitoring, and Detection Processes) will be examined to record which of their outcomes BURP currently achieves.
Step 4: Conduct a risk assessment
After creating the current profile, the organization's protection strategy will be evaluated. Gaps and opportunities for improvement will be identified through an audit.
Step 5: Create a target profile
Based on the categories 3.1 Anomalies and Events, 3.2 Security Continuous Monitoring and 3.3 Detection Processes, a target profile outlining the desired security outcomes for the organization's systems will be created.
Step 6: Determine, analyze and prioritize gaps
In this step, the gaps will be identified by comparing BURP's current and target profiles, after which a prioritized action plan will be drawn up, on the basis of which a pertinent security plan will be produced for the company.
Step 7: Implement action plan
At this stage, BURP will execute the security plan, in accordance with the gaps identified by comparing the current profile with the target profile.
In this section, the cyber security management functions and the security-level profile for BURP are illustrated. The security plan use case, as provided in the scenario script, lists the threats along with the standards and regulations that BURP, as a start-up company, must observe. The functions are applied to BURP's situation as follows.
Apart from the NIST framework, BURP follows ISO 27001 for guidance on how security will be managed and how the security of its critical infrastructure will be tested (Smith, Winchester, Bunker and Jamieson, 2010, pp.463-486; Shackelford, Proia, Martell and Craig, 2015, p.305). The NIST cyber security framework will be applied in the organization as follows.
- Identify
BURP has identified the following threat areas:
- Use of cloud based software for accounting and project management
- The headquarters that will house the critical infrastructure is still under construction, a situation that might lead to loss of, or attacks on, critical infrastructure (Baggett and Simpkins, 2018, p.13).
- An online platform that is exposed to security threats
- The company's data is available at all times to anyone, i.e. access is not yet restricted to authorized users
In order to keep its assets safe, BURP will comply with the management controls provided by ISO 27001.
- Protect
To prevent these security threats, BURP will define roles and responsibilities, together with policy, governing the following areas:
- Access control
- Awareness and training
- Data security
- Information protection process and procedures
- Protective technology
- Detect
Additionally, BURP has a website, which will act as the store front of the organization: the entry door for its clients and the entry door for its employees. The organization therefore needs to consider cyber-attacks such as data breaches and theft of the organization's assets, among other potential attacks (Johnston and Warkentin, 2010, pp.549-566; FitzPatrick and Wollman, 2010, pp.1-4). The measures the organization will take include periodic penetration tests of the system to identify potential threats; BURP can also use a payment infrastructure such as a cash register system, since there are many payment APIs that provide cost-effective and secure ways of taking payments, which matters given that BURP operates on a very tight budget.
BURP will monitor its access control and network activity, including but not limited to repeated connection attempts and abnormal connection terminations, using firewall logs to detect attackers (Greer et al., 2014, p.41).
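As an added illustration of the monitoring described above (this is example code written for this article, not BURP's own tooling and not part of any NIST publication), the following Python script runs simple detection logic over a handful of constructed firewall log lines. The log format (a timestamp followed by key=value fields, with DENY for a blocked connection attempt and RESET for an abnormal termination) is an assumption chosen for the example, not a real vendor format; the thresholds and the 60-second window are likewise assumptions that a real deployment would tune against its own baseline.

```python
"""Sliding-window detection of repeated connection attempts and abnormal
terminations in firewall logs.  Added example; the log format, thresholds
and sample data are assumptions made for illustration."""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample log (not real traffic).  203.0.113.5 probes five ports in
# 14 seconds; 198.51.100.7 is a legitimate client with an occasional denied
# request; 192.0.2.10 abnormally resets three connections in five seconds.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z action=DENY src=203.0.113.5 dst=192.0.2.10 dport=22 proto=TCP
2024-03-01T10:00:03Z action=DENY src=203.0.113.5 dst=192.0.2.10 dport=23 proto=TCP
2024-03-01T10:00:05Z action=ALLOW src=198.51.100.7 dst=192.0.2.10 dport=443 proto=TCP
2024-03-01T10:00:07Z action=DENY src=203.0.113.5 dst=192.0.2.10 dport=445 proto=TCP
2024-03-01T10:00:09Z action=DENY src=203.0.113.5 dst=192.0.2.10 dport=3389 proto=TCP
2024-03-01T10:00:12Z action=DENY src=198.51.100.7 dst=192.0.2.10 dport=8080 proto=TCP
2024-03-01T10:00:15Z action=DENY src=203.0.113.5 dst=192.0.2.10 dport=3306 proto=TCP
2024-03-01T10:00:20Z action=RESET src=192.0.2.10 dst=198.51.100.7 dport=443 proto=TCP
2024-03-01T10:00:22Z action=RESET src=192.0.2.10 dst=198.51.100.7 dport=443 proto=TCP
2024-03-01T10:00:25Z action=RESET src=192.0.2.10 dst=198.51.100.7 dport=443 proto=TCP
2024-03-01T10:03:00Z action=DENY src=198.51.100.7 dst=192.0.2.10 dport=8443 proto=TCP
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.+)$")


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict with a UTC datetime
    under 'ts' and an int under 'dport'.  Returns None for malformed lines so a
    corrupt record cannot crash the monitor (it should be counted separately)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for token in m.group("kv").split():
        if "=" not in token:
            return None
        key, value = token.split("=", 1)
        fields[key] = value
    try:
        fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        fields["dport"] = int(fields.get("dport", 0))
    except ValueError:
        return None
    return fields


def parse_log(text):
    """Parse all lines, silently skipping malformed ones."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def sliding_window_alerts(events, action, threshold, window_s):
    """Return one alert per source that produced >= threshold events of the given
    action inside any window_s-second window.  A two-pointer sweep over each
    source's time-sorted events keeps this linear in the number of events."""
    by_src = defaultdict(list)
    for e in events:
        if e.get("action") == action and "src" in e:
            by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start, best = 0, None
        for end in range(len(evs)):
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_s:
                start += 1          # drop events that fell out of the window
            count = end - start + 1
            if count >= threshold and (best is None or count > best["count"]):
                best = {
                    "src": src, "action": action, "count": count,
                    "first": evs[start]["ts"], "last": evs[end]["ts"],
                    "ports": sorted({e["dport"] for e in evs[start:end + 1]}),
                }
        if best:
            alerts.append(best)
    return alerts


def run_detection(text, deny_threshold=5, reset_threshold=3, window_s=60):
    """Apply both detections; thresholds and window are illustrative defaults."""
    events = parse_log(text)
    return (sliding_window_alerts(events, "DENY", deny_threshold, window_s)
            + sliding_window_alerts(events, "RESET", reset_threshold, window_s))


if __name__ == "__main__":
    for alert in run_detection(SAMPLE_LOG):
        print(f"{alert['action']:5} {alert['src']:<14} {alert['count']} events "
              f"{alert['first']:%H:%M:%S}-{alert['last']:%H:%M:%S} ports={alert['ports']}")
```

Run directly, the script prints two alerts: the port probe from 203.0.113.5 and the burst of resets from 192.0.2.10, while the legitimate client's two denies, minutes apart, stay below threshold. The window is the point of the exercise: counting denies over a whole day would flag any client that occasionally hits a closed port, whereas five denies to five different ports from one source inside a minute is the signature of a scan and is worth an analyst's time.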
- Respond
BURP will develop security incident management guidelines that the organization will follow in the event that a security breach is detected. The controls will be developed on the basis of the Computer Security Incident Handling Guide, NIST SP 800-61.
- Recover
For the organization to recover from cyber-attacks, it will establish a disaster recovery plan according to the controls cited in NIST SP 800-34, the contingency planning guide.
The above steps will reasonably prepare BURP to carry out its business as a new company in the wilds of cyberspace (Kim, 2013, pp.171-179). The organization will need to upgrade its cyber security infrastructure as it grows, and it will be much better prepared for that. Through the above steps, the organization will have visibility into its network and will be able to identify its weaknesses for improvement.
Conclusion
In summary, this document has compiled a pertinent computer security plan for BURP according to the case scenario. The plan covers the major security vulnerabilities associated with a start-up company like BURP.
Reference list
Baggett, R.K. and Simpkins, B.K., 2018. Homeland Security and Critical Infrastructure Protection. ABC-CLIO, p.13.
Cybersecurity, C.I., 2014. Framework for Improving Critical Infrastructure Cybersecurity. Framework, 1, p.11.
Greer, C., Wollman, D.A., Prochaska, D.E., Boynton, P.A., Mazer, J.A., Nguyen, C.T., FitzPatrick, G.J., Nelson, T.L., Koepke, G.H., Hefner Jr, A.R. and Pillitteri, V.Y., 2014. NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 3.0. NIST Special Publication 1108r3.
Johnston, A.C. and Warkentin, M., 2010. Fear appeals and information security behaviors: an empirical study. MIS Quarterly, pp.549-566.
Kim, E.B., 2013. Information security awareness status of business-college undergraduate students. Information Security Journal: A Global Perspective, 22(4), pp.171-179.
Puhakainen, P. and Siponen, M., 2010. Improving employees' compliance through information systems security training: an action research study. MIS Quarterly, pp.757-778.
Ross, R.S., McEvilley, M. and Oren, J.C., 2018. Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems (including updates as of 1-03-2018). NIST Special Publication 800-160.
Shackelford, S.J., Proia, A.A., Martell, B. and Craig, A.N., 2015. Toward a global cybersecurity standard of care: Exploring the implications of the 2014 NIST cybersecurity framework on shaping reasonable national and international cybersecurity practices. Texas International Law Journal, 50, p.305.
Shen, L., 2013. The NIST Cybersecurity Framework: Overview and Potential Impacts. SciTech Lawyer, 10, p.16.
Smith, S., Winchester, D., Bunker, D. and Jamieson, R., 2010. Circuits of power: A study of mandated compliance to an information systems security "de jure" standard in a government organization. MIS Quarterly, pp.463-486.