
SECURITY PRINCIPLES 1

Security Principles

Capella University

IAS5025 - Network and Operating System

Jan 11, 2019


Abstract
The NIST cybersecurity policy is a framework of guidelines for an organization's information security policy, intended to help the organization detect, investigate and respond to a security breach or attack on its enterprise network system.

This paper describes the principles of cybersecurity as laid down by NIST. In this paper, we will discuss the challenges and goals of implementing the first cardinal points of NIST cybersecurity in an organization's information security policy. The paper will also look at the role NIST has in guiding private organizations in the area of information security control, and at implementing the first cardinal points of security in the OS.

Keywords: information security control, cybersecurity,


Table of Contents

• Cover Page
• Abstract
• Table of Contents
• Introduction/Body
• Conclusion
• References

Introduction

While organizations are advancing their network system security and their technology spending on cybersecurity policies, security breaches of network systems continue to happen. The growth in vulnerabilities, together with the fact that attackers are looking for any new way to breach an organization's network system, gave rise to Executive Order 13636, which instructed NIST, in conjunction with private-sector organizations, to build a risk-assessment-based cybersecurity framework geared towards the organizations that provide essential U.S. services, by way of industry-sector standards and best practices that help against cybersecurity threats. In 2014 NIST came up with the outline for the betterment of Critical Infrastructure Cybersecurity, such as FISMA (Federal Information Security Management Act) 2014. This outline provides a risk-assessment procedure for implementing and improving the workflow of private-sector organizations' cybersecurity policies (EO, 2013).

The NIST cybersecurity framework is made up of three main components: the Core, the Implementation Tiers and the Framework Profiles. The Core is the set of activities and procedures carried out through continuous operations: Identification, finding the essential intellectual assets and property; Protection, finding the means to secure and protect them; Detection, having all the needed resources available in time to seek and find the security breach; Responding, having the right strategy in place for dealing with a security breach; and Recovering, making it through the security breach when it happens. The Implementation Tiers are: Partial, when the organization's cybersecurity risk-management profiles have not been defined yet; Risk Informed, when the risk-assessment profiles and objectives are defined by management SWOT policy; Repeatable, when the organization runs a test of the formal cybersecurity policies to see what works or fails, so that it can make updates and changes to suit its needs; and Adaptive, when, after management's trial and error with the defined cybersecurity policies, the organization adapts to the changes from the test run of the policies it has implemented, making for continuous adaptation and monitoring of progress as cybersecurity technologies advance and improve. The Profile of the outline for the cybersecurity policy is to have the applications and tools needed for retrieving and storing the organization's information and data concerning the cybersecurity policy. The challenge of NIST cybersecurity is how to sustain the effort of continuous, ongoing monitoring of the management of the organization's cybersecurity policies, which apply the organization's needs from the risk-assessment program that drives effective organizational information security and cybersecurity procedures (Ferrillo, & Conkle, 2014, para 3-5).

The NIST security principles are identified in SP 800-160, which calls for a better view of the current security threats and breaches affecting organizations' network systems: what are the organization's critical assets, and the data generated from its network system, that need security and protection? It calls for a growing review of the complexity of organizations' technical needs, which must be managed well for effective output. What is the need for incorporating the organization's system requirements and services into its main technical and management methods, within the life-cycle methodologies of its network security management control practices? It also calls for developing trusted relations with the organization's network system security so that it works well for every end user (NIST, 2017, para 7-12).

Applying the principles of security to the OS: an operating system or application is required to protect its users from other users, whether through user authentication, file-sharing protection or access control. The levels of OS protection are isolation, share all or nothing, access limitation, and capabilities. That means that when the operating system has access control, some resources can be shared all or nothing, with the owner, the public or private users, while access limitation decides which resources or files in the OS should be shared and who can have access to which resources of the OS, which is what ACLs and access matrices express. We want to make sure that every direct access to an OS object is authorized, with security and protection from any accidental or malicious threats, which requires proper user authentication.
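The access matrix, ACL and capability ideas from the paragraph above, as an added Python example that is not part of the original paper. The users, files, rights and session tokens are constructed for illustration.

```python
# Added illustration: all users, files, rights and tokens are constructed.

# Access-control matrix: rows are subjects, columns are objects, and each
# cell holds the rights that subject has on that object (access limitation).
MATRIX = {
    "alice": {"payroll.db": {"read", "write", "own"},
              "notes.txt": {"read", "own"}},      # notes.txt is isolated to alice
    "bob":   {"payroll.db": {"read"}},
}
# "Share all or nothing": rights granted to every authenticated user.
PUBLIC = {"motd.txt": {"read"}}
# Outcome of user authentication: session token -> user name.
SESSIONS = {"tok-a1": "alice", "tok-b2": "bob"}


def acl(obj):
    """Column view of the matrix: the ACL kept with one object."""
    return {subj: set(row[obj]) for subj, row in MATRIX.items() if obj in row}


def capabilities(subject):
    """Row view of the matrix: the capability list held by one subject."""
    return {obj: set(rights) for obj, rights in MATRIX.get(subject, {}).items()}


def authenticate(token):
    """Return the user behind a session token, or None if it is unknown."""
    return SESSIONS.get(token)


def authorize(token, obj, right):
    """Mediate one access to an OS object. Anything not granted is denied."""
    user = authenticate(token)
    if user is None:                      # no authorization without authentication
        return False
    if right in PUBLIC.get(obj, set()):   # publicly shared resource
        return True
    return right in MATRIX.get(user, {}).get(obj, set())


if __name__ == "__main__":
    print("ACL of payroll.db:", acl("payroll.db"))
    print("bob's capabilities:", capabilities("bob"))
    print("bob writes payroll.db:", authorize("tok-b2", "payroll.db", "write"))
```

The ACL and the capability list are two views of the same matrix: the first answers "who may touch this object", the second "what may this user touch".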

NIST plays an important role for the private sector and organizations by collaborating with other federal agencies to lay a strong foundation for organizations to face the challenges of today's cybersecurity threats, so that they can improve their strategies for facing those threats, and the publications it makes offer industry standards and outlines to use in the security and protection of network systems.

References

Executive Order 13636 of February 12, 2013, Improving Critical Infrastructure Cybersecurity. Date retrieved 01/12/2019 http://www.gpo.gov/fdsys/pkg/FR-2013-02-19/pdf/2013-03915.pdf

Companies Wrestle With the Cost of Cybersecurity, February 25, 2014, available at http://online.wsj.com/news/articles/SB10001424052702304834704579403421539734550

Graham, Scott, Interview: Greg Touhill, DHS, the USA on Cybersecurity, July 28, 2014. Date retrieved 01/12/2019 http://www.globalgovernmentforum.com/brigadier-general-greg-touhill-cybersecurity-department-of-homeland-security-interview/

Ferrillo, P., & Conkle, T. (2014, August 25). Understanding and Implementing the NIST Cybersecurity Framework. Date retrieved 01/12/2019 https://corpgov.law.harvard.edu/2014/08/25/understanding-and-implementing-the-nist-cybersecurity-framework/

NIST.gov. (2017). GENERALLY ACCEPTED SYSTEM SECURITY PRINCIPLES (GSSPs): GUIDANCE ON SECURING INFORMATION TECHNOLOGY (IT) SYSTEMS. Date retrieved 01/12/2019 https://csrc.nist.gov/csrc/media/publications/shared/documents/itl-bulletin/cslbul1996-10.txt
