Using threat modeling can be an effective way to prioritize security control implementation efforts for a given solution. The resulting prioritization can then be used to help optimize time or financial costs during solution development. The following is a brief overview of using the threat modeling process to select both NIST CSF security outcomes and NIST security controls.Continue reading “Using the STRIDE-LM Threat Model to Drive Security Control Selection”
NIST SP 800-53 Revision 4 vs. 5: What’s the Difference?
NIST Special Publication 800-53 Revision 5 was released recently and it includes a substantial number of changes. While NIST did outline many of the changes in their release notes, there are a few other things they left out.Continue reading “NIST SP 800-53 Revision 4 vs. 5: What’s the Difference?”
Welcome to CSF Tools! You may be wondering what all this stuff is and why I put it here. Like so many things in life as a technologist, this all started with me trying to find ways to visualize the NIST Cybersecurity Framework for a PowerPoint presentation. I wasnâ€™t really happy with the stuff I found, so decided to start building a library of visualizations linking that CSF to different control sets.
What is here so far is just the beginning. I have many ideas regarding new visualizations, control sets, and features to increase flexibility of presentation. Check back in periodically — you never know what you might find!