$)$ NIST Cybersecurity Framework

Suppose you are the Chief Information Security Officer for the Guyana Power and Light Inc. and

your worst nightmare is to receive a call from your staff or senior members of staff reporting that

there has been a Ransomware Attack and they cannot access critically important data and they fear

that the power grid would soon grind to a screeching halt unless GPL pays the attackers.

a$)$ How would you respond to the above scenario knowing that you currently have no systems

or procedures in place to deal with a Ransomware Attack? The NIST Cybersecurity Framework $($NIST CSF$)$ is a framework developed by the United States

Government for improving Critical Infrastructure protection. However, it is being referenced and

utilized far beyond the shores of the US Government and has become a standard referenced by

security professionals all over the world to frame the response to cybersecurity problems.

b$)$ What are the benefits of having a Cybersecurity Risk Framework in place? $[2$ marks$]$

c$)$ Using the NIST Cybersecurity Framework, $[4$ marks$]$

$1)$ What steps and processes are specified by the NIST CSF to manage Cybersecurity Risk?

$2)$ What challenges can you anticipate implementing this framework?

d$)$ Do you feel that implementing this or similar framework can help organisations like GPL$?$

Justify your answer.