Which of the following information security publications provides guidelines for secure web application development and is aligned with outcomes listed in the NIST Cybersecurity Framework?

An e-commerce company is upgrading its cybersecurity measures to include automated tools that detect and respond to unusual network traffic, which could indicate a cyber attack. They aim to quickly contain any identified threats to prevent data breaches. Which subcategory in the NIST Cybersecurity Framework could best support the implementation of these automated detection and response systems?

A healthcare provider is enhancing its cybersecurity policies to better protect patient information, particularly by implementing stricter access controls and auditing mechanisms to detect any unauthorized access or data manipulation. This is part of their compliance efforts with health data protection regulations. Which subcategory in the NIST Cybersecurity Framework could best guide the implementation of these stricter access controls and auditing mechanisms?

Which of the following best describes the purpose of the Identity Management, Authentication, and Access Control (PR.AA) category in the NIST Cybersecurity Framework?

A startup is currently managing cybersecurity issues on an incident-by-incident basis without any predefined strategy. Most decisions are made spontaneously without consulting any established guidelines or standards. What tier best describes their cybersecurity implementation?