Video: National Institute of Standards and Technology (NIST) Cybersecurity Framework

In this lesson, Nick Palazzolo, CPA, dives into the National Institute of Standards and Technology (NIST) Cybersecurity Framework, breaking down its structure and components to simplify its use in managing and reducing cybersecurity risks. Nick starts by defining what NIST is and moves on to explain the three integral parts of the framework: the core, implementation tiers, and profiles. He elaborates on each component, starting with the core's five functions—Identify, Protect, Detect, Respond, and Recover—designed to help organizations develop a comprehensive cybersecurity strategy. Nick also details the implementation tiers that range from "Partial" to "Adaptive," each stage indicating a progression in managing cybersecurity risks more effectively and becoming increasingly agile and proactive. Lastly, he discusses the framework profiles which assist in identifying the current versus the target cybersecurity states, aiding organizations in aligning their security measures with business goals and risk tolerances. Nick's guidance provides a clear understanding of how to effectively implement and leverage the NIST framework across various sectors.

"Examprep.ai helped me pass all 4 CPA exams on the first try. I highly recommend. I especially like the feedback and ratings the software provides so I know where to focus my time."

Daniel H., CPA

"I can't recommend ExamPrep.ai enough. Nick's lessons turned concepts I struggled with into strengths. I was able to pass FAR right before other exams expired!"

Andrew K, CPA

"I just want to say thank you for the great lesson videos. I couldn't stay awake through lectures of another course. After watching all your FAR lessons I was finally able to pass!"

Alyssa M., CPA Candidate

Video Transcript

Instructor: Nick Palazzolo

Nick Palazzolo is head instructor of ExamPrep.ai CPA Review. Nick's teaching style is engaging & upbeat, combining practical Big 4 tax & assurance expertise with years of 1-on-1 coaching. His lessons are concise and emphasize what you need to know to pass. Whether you're a recent grad or working full-time, we’re confident you can conquer your CPA exams with Nick’s review.

Cite this lesson

Link to this page

[[ citeExample ]]

Copy to clipboard

Copy URL to clipboard

Copy HTML to clipboard

Let's talk about the NIST cybersecurity framework, the components and structure of it. What is NIST? NIST is the National Institute of Standards and Technology, and they have a cybersecurity framework. Cool. Sounds good. We're going to learn about that. Designed to help organizations manage and reduce cybersecurity risk. Now, it is a voluntary framework primarily intended for critical infrastructure organizations, but can be applied broadly across sectors. Now, the NIST CSF consists of three main components. We've got the framework core, the framework implementation tiers, and the framework profiles. Again, each of these has a different purpose. We kind of saw HIPAA, so HIPAA deals with healthcare, and there are a lot of overlaps between these. It's just there for specific industries. We have the credit card one. That's for the credit card industry. We have the Europe one, which is for the Europe industry. Here we go, the framework core. The core provides a set of desired cybersecurity activities and outcomes using common language that's easy to understand. It's divided into five concurrent and continuous functions. The core are five functions, identify, protect, detect, respond, recover. We want to develop an organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. We also want to implement appropriate safeguards to ensure delivery of critical services. We definitely want to implement appropriate activities to identify the occurrence of a cybersecurity event. We also want to take action regarding a detected cybersecurity event, and we want to develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services impaired due to a cybersecurity event. Now, each function contains categories and subcategories that detail specific outcomes and security controls. All right, thank you, NIST. You're doing a great job for us so far. Let's

Unlock the full video transcript and subtitles support with a free account!

Get more from this lesson

Create an account 7-day free trial. No credit card required.

Regulations, Standards and Frameworks

Module: 3 Concepts, 41 Videos

Internal Control Frameworks Overview and Objectives

3:45

Introduction to Internal Control Frameworks

5:36

Corporate Structure

2:01

Components of the COSO Internal Control Integrated Framework