Information Technology Specialist (ITS) Cybersecurity Practice Exam

Study for the ITS Cybersecurity Exam. Test yourself with flashcards and multiple choice questions, each featuring hints and explanations. Get ready for your exam!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Which security framework focuses on continuous compliance and monitoring?

  1. NIST Cybersecurity Framework

  2. CIS Controls

  3. ISO 27001

  4. COBIT

The correct answer is: NIST Cybersecurity Framework

The NIST Cybersecurity Framework is designed to help organizations manage and reduce cybersecurity risk by providing a set of standards, guidelines, and best practices. One of its core components is its focus on continuous compliance and monitoring, which emphasizes ongoing evaluation of cybersecurity policies and practices to adapt to changing threats and vulnerabilities.

This framework encourages organizations to continuously assess their security posture by monitoring cybersecurity risks, ensuring that they are compliant with established standards and practices. The iterative nature means that organizations regularly revisit their security strategies and controls, enabling them to maintain an effective and resilient cybersecurity program.

While the other frameworks like CIS Controls, ISO 27001, and COBIT provide various levels of guidance on security practices, they do not emphasize continuous compliance and monitoring as strongly as the NIST Cybersecurity Framework does. For example, while ISO 27001 is focused on establishing an Information Security Management System (ISMS) requiring periodic review and assessment, it does not intrinsically prioritize real-time monitoring or continuous compliance in the same structured way as NIST. Thus, the NIST Cybersecurity Framework stands out for its emphasis on an ongoing, adaptable approach to cybersecurity compliance and monitoring.