Cybersecurity Frameworks

US Department of Defence’s The Rainbow Series

Orange Book defines a trusted computer that can handle classified and unclassified information, security design and evaluation

Concepts in Information Security

• Reference Monitor

NIST Cybersecurity Framework

I have been looking forward to diving deeper on this topic as I am a sucker for frameworks and processes and it has been specified generically across my studies.

Issued in 2014 in response to 3rd Global Conference on Cyberspace the year before.

2024 NIST CSF version 2 de facto standard for cybersecurity.

As I understand it, the NIST Cybersecurity framework has three elements:

• Framework Core
• Framework Profile

An organisation can use the latter as a basis for its own target profile.

• Framework Implementation Tiers

When adopting a cybersecurity framework, NIST recommends establishing two profiles

• Current state/risk profile
• Target risk profile