According to the NIST Cyber security Framework, which of the following steps involves Identifying related systems and assets, regulatory requirements, and the overall risk approach?

According to the NIST Cyber security Framework, which of the following steps involves Identifying related systems and assets, regulatory requirements, and the overall risk approach?
A . Step 1: Prioritise and scope
B . Step 2: Orient
C . Step 3: Create a current profile

View Answer

Answer: B

Explanation:

NIST Cybersecurity Framework Steps:

Step 1: Prioritize and Scope: Identify business/mission objectives and prioritize organizational efforts.

Step 2: Orient: Identify related systems, assets, regulatory requirements, and overall risk approach.

Step 3: Create a Current Profile: Develop a current profile by identifying existing cybersecurity practices.

Orient Step:

Purpose: To establish a comprehensive understanding of the organization’s environment, including systems, assets, regulatory requirements, and the risk management approach.

Activities: Involves mapping out the organizational context and identifying key elements that influence cybersecurity posture.

Cybersecurity

Reference: NIST Cybersecurity Framework: Provides a policy framework of computer security guidance for how private sector organizations in the U.S. can assess and improve their ability to prevent, detect, and respond to cyber attacks.

NIST SP 800-53: Further details on risk management and security controls relevant to the orient step.

The Orient step is crucial for setting the foundation for an effective cybersecurity strategy by understanding the full scope of the organization’s environment and requirements.