"The three main components of the #Cybersecurity Framework are the Core, the Framework Implementation Tiers (Tiers), and the Profile. These terms are frequently used in this Framework guidance document and defined below. 1) The Core is a set of “cybersecurity activities, desired outcomes, and applicable Informative References that are common across critical infrastructure sectors.” The Core comprises four elements: Functions, Categories, Subcategories, and Informative References.? 2) Tiers describe an organization’s approach to “cybersecurity #risk and the processes in place to manage that risk,” ranging from Tier 1 (Partial) to Tier 4 (Adaptive). Each Tier demonstrates an increasing degree of rigor and sophistication of cybersecurity risk management and integration with overall organizational needs.?? 3) Profiles align the Framework core elements with business requirements, risk tolerance, and organizational resources. The Profile can be used to identify opportunities for improving cybersecurity posture by comparing a Current Profile to a Target Profile. Profiles provide a roadmap to reduce cybersecurity risk consistent with business practices.?"
CFA(ICFAI).. Passed CFA Level 2 Finance Tutor, HongKong
3 年Prashant Dwivedi