Glossary

NIST Cybersecurity Framework (National Institute of Standards and Technology)

The NIST Cybersecurity Framework is a comprehensive set of guidelines developed by the US National Institute of Standards and Technology. Its purpose is to assist organizations in managing and mitigating cybersecurity risks effectively. Drawing upon existing standards, guidelines, and best practices, the framework serves as a voluntary tool for businesses of all sizes to comprehend, address, and minimize cybersecurity vulnerabilities. By providing a structured approach, it enables businesses to make informed decisions regarding the allocation of resources and efforts to bolster cybersecurity measures.

The guidelines play a crucial role in safeguarding networks and sensitive data, aligning companies with essential security practices and enhancing their resilience against evolving cyberthreats.

In line with the NIST standards, the AppDirect Training Center offers an exclusive Security Certificate program designed to empower advisors with an in-depth understanding of the framework. This program emphasizes technology segments rather than endorsing specific vendors, equipping advisors with the necessary skills to articulate security solutions confidently. The curriculum encompasses four distinct learning paths, focusing on critical aspects of cybersecurity, namely, Asset Discovery, Penetration Testing, Vulnerability Scanning, and Risk Assessment. By diving into each NIST tenet, the training program ensures advisors can effectively navigate the complex cybersecurity landscape, foster a robust culture of security awareness, and guide customers to mitigate risks. The certificate training also dives into each NIST tenant:

  1. Identify—These solutions help develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities

  2. Protect—These solutions provide appropriate safeguards to to ensure delivery of critical services

  3. Detect—The technologies in the detect section develop and implement appropriate activities to identify the occurrence of a cybersecurity event

  4. Respond—You’ll learn the development and implementation of appropriate activities to take action regarding a detect cybersecurity event

  5. Recover—The final section, recover will discuss the development and implementation of appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event