SlideShare a Scribd company logo

Cybersecurity framework v1-1_presentation

Download as PPTX, PDF
E
ezhilnarasu

Cybersecurity framework v1-1_presentation

Software
1 of 12
The Cybersecurity Framework Version 1.1 October 2019
Cybersecurity Framework History • February 2013 - Executive Order 13636: Improving Critical Infrastructure Cybersecurity • December 2014 - Cybersecurity Enhancement Act of 2014 (P.L. 113-274) • May 2017 - Executive Order 13800: Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
The Cybersecurity Framework Three Primary Components Core Desired cybersecurity outcomes organized in a hierarchy and aligned to more detailed guidance and controls Profiles Alignment of an organization’s requirements and objectives, risk appetite and resources using the desired outcomes of the Framework Core Implementation Tiers A qualitative measure of organizational cybersecurity risk management practices
• Common and accessible language • Adaptable to many technologies, lifecycle phases, sectors and uses • Risk-based • Based on international standards • Living document • Guided by many perspectives – private sector, academia, public sector Key Framework Attributes Principles of Current and Future Versions of the Framework
The Framework Core Establishes a Common Language • Describes desired outcomes • Understandable by everyone • Applies to any type of risk management • Defines the entire breadth of cybersecurity • Spans both prevention and reaction Function Identify Protect Detect Respond Recover
An Excerpt from the Framework Core The Connected Path of Framework Outcomes 5 Functions 23 Categories 108 Subcategories 6 Informative References
Implementation Tiers The Cybersecurity Framework Version 1.1 1 2 3 4 Partial Risk Informed Repeatable Adaptive Risk Management Process The functionality and repeatability of cybersecurity risk management Integrated Risk Management Program The extent to which cybersecurity is considered in broader risk management decisions External Participation The degree to which the organization: • monitors and manages supply chain risk1.1 • benefits my sharing or receiving information from outside parties
Framework Update The Cybersecurity Framework Version 1.1 • Applicability for all system lifecycle phases • Enhanced guidance for managing cybersecurity within supply chains and for buying decisions • New guidance for self-assessment • Better accounts for Authorization, Authentication, and Identity Proofing • Incorporates emerging vulnerability information (a.k.a., Coordinated Vulnerability Disclosure) • Administratively updates the Informative References
International Use Translations, Adaptations, and Other References World-Wide
Sample Resources www.nist.gov/cyberframework/framework-resources Financial Services Profile Financial Services Sector Specific Cybersecurity “Profile” Manufacturing Profile NIST Discrete Manufacturing Cybersecurity Framework Profile Maritime Profile Bulk Liquid Transport Profile
Success Stories https://www.nist.gov/cyberframework/success-stories University of Chicago Biological Sciences Division Japan’s Cross-Sector Forum ISACA University of Pittsburgh University of Kansas Medical Center Multi-State Information Sharing & Analysis Center
STAYING IN TOUCH cyberframework@nist.gov NIST.gov/cyberframework @ @NISTcyber NIST.gov/topics/cybersecurity NCCoE.NIST.gov CSRC.NIST.gov

Recommended

Cybersecurity Framework - Introduction
Cybersecurity Framework - IntroductionCybersecurity Framework - Introduction
Cybersecurity Framework - IntroductionMuhammad Akbar Yasin
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingLaying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingIgnyte Assurance Platform
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSJohn Gilligan
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterTuan Phan
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 

Recommended

Cybersecurity Framework - Introduction
Cybersecurity Framework - IntroductionCybersecurity Framework - Introduction
Cybersecurity Framework - IntroductionMuhammad Akbar Yasin
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingLaying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingIgnyte Assurance Platform
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSJohn Gilligan
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterTuan Phan
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
How to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organizationHow to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organizationExigent Technologies LLC
 
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015Phil Agcaoili
 
Assessing Risk: Developing a Client/Server Security Architecture,
Assessing Risk: Developing a Client/Server Security Architecture, Assessing Risk: Developing a Client/Server Security Architecture,
Assessing Risk: Developing a Client/Server Security Architecture, MITDaveMillaar
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2Marneil Sanchez
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 
Comptia security sy0 601 domain 4 operation and incident response
Comptia security sy0 601 domain 4 operation and incident responseComptia security sy0 601 domain 4 operation and incident response
Comptia security sy0 601 domain 4 operation and incident responseShivamSharma909
 
Cybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCimetrics Inc
 
What is a cybersecurity assessment 20210813
What is a cybersecurity assessment 20210813What is a cybersecurity assessment 20210813
What is a cybersecurity assessment 20210813Kinetic Potential
 
NIST CSF Overview
NIST CSF OverviewNIST CSF Overview
NIST CSF OverviewPriyanka Aash
 
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsFortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsIgnyte Assurance Platform
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security StrategyAndrew Byers
 
NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...
NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...
NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...North Texas Chapter of the ISSA
 
Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30Kevin M. Moker, CFE, CISSP, ISSMP, CISM
 
Cyber risks in supply chains
Cyber risks in supply chains Cyber risks in supply chains
Cyber risks in supply chains Aparajita Banerjee
 
Intel Presentation from NIST Cybersecurity Framework Workshop 6
Intel Presentation from NIST Cybersecurity Framework Workshop 6Intel Presentation from NIST Cybersecurity Framework Workshop 6
Intel Presentation from NIST Cybersecurity Framework Workshop 6Phil Agcaoili
 
Vulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyVulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyNandita Nityanandam
 
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...Edureka!
 
Cyber Security - Maintaining Operational Control of Critical Services
Cyber Security - Maintaining Operational Control of Critical ServicesCyber Security - Maintaining Operational Control of Critical Services
Cyber Security - Maintaining Operational Control of Critical ServicesDave Reeves
 
Scott Hogg - Gtri cloud security knowledge and certs
Scott Hogg - Gtri cloud security knowledge and certsScott Hogg - Gtri cloud security knowledge and certs
Scott Hogg - Gtri cloud security knowledge and certsTrish McGinity, CCSK
 
framework-version-1.1-overview-20180427-for-web-002.pptx
framework-version-1.1-overview-20180427-for-web-002.pptxframework-version-1.1-overview-20180427-for-web-002.pptx
framework-version-1.1-overview-20180427-for-web-002.pptxAshishRanjan546644
 
framework_update_report-yer20170301.pptx
framework_update_report-yer20170301.pptxframework_update_report-yer20170301.pptx
framework_update_report-yer20170301.pptxMuhammadAbdullah311866
 

More Related Content

What's hot

How to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organizationHow to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organizationExigent Technologies LLC
 
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015Phil Agcaoili
 
Assessing Risk: Developing a Client/Server Security Architecture,
Assessing Risk: Developing a Client/Server Security Architecture, Assessing Risk: Developing a Client/Server Security Architecture,
Assessing Risk: Developing a Client/Server Security Architecture, MITDaveMillaar
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 
Comptia security sy0 601 domain 4 operation and incident response
Comptia security sy0 601 domain 4 operation and incident responseComptia security sy0 601 domain 4 operation and incident response
Comptia security sy0 601 domain 4 operation and incident responseShivamSharma909
 
Cybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCimetrics Inc
 
What is a cybersecurity assessment 20210813
What is a cybersecurity assessment 20210813What is a cybersecurity assessment 20210813
What is a cybersecurity assessment 20210813Kinetic Potential
 
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsFortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsIgnyte Assurance Platform
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security StrategyAndrew Byers
 
NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...
NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...
NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...North Texas Chapter of the ISSA
 
Intel Presentation from NIST Cybersecurity Framework Workshop 6
Intel Presentation from NIST Cybersecurity Framework Workshop 6Intel Presentation from NIST Cybersecurity Framework Workshop 6
Intel Presentation from NIST Cybersecurity Framework Workshop 6Phil Agcaoili
 
Vulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyVulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyNandita Nityanandam
 
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...Edureka!
 
Cyber Security - Maintaining Operational Control of Critical Services
Cyber Security - Maintaining Operational Control of Critical ServicesCyber Security - Maintaining Operational Control of Critical Services
Cyber Security - Maintaining Operational Control of Critical ServicesDave Reeves
 
Scott Hogg - Gtri cloud security knowledge and certs
Scott Hogg - Gtri cloud security knowledge and certsScott Hogg - Gtri cloud security knowledge and certs
Scott Hogg - Gtri cloud security knowledge and certsTrish McGinity, CCSK
 

What's hot (20)

How to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organizationHow to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organization
 
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
 
Assessing Risk: Developing a Client/Server Security Architecture,
Assessing Risk: Developing a Client/Server Security Architecture, Assessing Risk: Developing a Client/Server Security Architecture,
Assessing Risk: Developing a Client/Server Security Architecture,
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
Comptia security sy0 601 domain 4 operation and incident response
Comptia security sy0 601 domain 4 operation and incident responseComptia security sy0 601 domain 4 operation and incident response
Comptia security sy0 601 domain 4 operation and incident response
 
Cybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework Cimetrics
 
What is a cybersecurity assessment 20210813
What is a cybersecurity assessment 20210813What is a cybersecurity assessment 20210813
What is a cybersecurity assessment 20210813
 
NIST CSF Overview
NIST CSF OverviewNIST CSF Overview
NIST CSF Overview
 
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsFortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security Strategy
 
NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...
NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...
NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...
 
Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30
 
Cyber risks in supply chains
Cyber risks in supply chains Cyber risks in supply chains
Cyber risks in supply chains
 
Intel Presentation from NIST Cybersecurity Framework Workshop 6
Intel Presentation from NIST Cybersecurity Framework Workshop 6Intel Presentation from NIST Cybersecurity Framework Workshop 6
Intel Presentation from NIST Cybersecurity Framework Workshop 6
 
Vulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyVulnerability Testing Services Case Study
Vulnerability Testing Services Case Study
 
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...
 
Cyber Security - Maintaining Operational Control of Critical Services
Cyber Security - Maintaining Operational Control of Critical ServicesCyber Security - Maintaining Operational Control of Critical Services
Cyber Security - Maintaining Operational Control of Critical Services
 
Scott Hogg - Gtri cloud security knowledge and certs
Scott Hogg - Gtri cloud security knowledge and certsScott Hogg - Gtri cloud security knowledge and certs
Scott Hogg - Gtri cloud security knowledge and certs
 

Similar to Cybersecurity framework v1-1_presentation

framework-version-1.1-overview-20180427-for-web-002.pptx
framework-version-1.1-overview-20180427-for-web-002.pptxframework-version-1.1-overview-20180427-for-web-002.pptx
framework-version-1.1-overview-20180427-for-web-002.pptxAshishRanjan546644
 
framework_update_report-yer20170301.pptx
framework_update_report-yer20170301.pptxframework_update_report-yer20170301.pptx
framework_update_report-yer20170301.pptxMuhammadAbdullah311866
 
Framework for Improving Critical Infrastructure Cyber.docx
Framework for Improving Critical Infrastructure Cyber.docxFramework for Improving Critical Infrastructure Cyber.docx
Framework for Improving Critical Infrastructure Cyber.docxbudbarber38650
 
Risk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection PowerpointRisk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection Powerpointrandalje86
 
Framework for Improving Critical Infrastructure Cybersecurity - Nist.cswp.041...
Framework for Improving Critical Infrastructure Cybersecurity - Nist.cswp.041...Framework for Improving Critical Infrastructure Cybersecurity - Nist.cswp.041...
Framework for Improving Critical Infrastructure Cybersecurity - Nist.cswp.041...AT-NET Services, Inc. - Charleston Division
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 
An integrated security testing framework and tool
An integrated security testing framework and toolAn integrated security testing framework and tool
An integrated security testing framework and toolMoutasm Tamimi
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceTej Luthra
 
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Ulf Mattsson
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA Information Security
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Standards Customer Council
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyCloud Standards Customer Council
 
HITRUST CSF in the Cloud
HITRUST CSF in the CloudHITRUST CSF in the Cloud
HITRUST CSF in the CloudOnRamp
 
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...Cohesive Networks
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxYoisRoberthTapiadeLa
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxVictoriaChavesta
 
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Tripwire
 

Similar to Cybersecurity framework v1-1_presentation (20)

framework-version-1.1-overview-20180427-for-web-002.pptx
framework-version-1.1-overview-20180427-for-web-002.pptxframework-version-1.1-overview-20180427-for-web-002.pptx
framework-version-1.1-overview-20180427-for-web-002.pptx
 
framework_update_report-yer20170301.pptx
framework_update_report-yer20170301.pptxframework_update_report-yer20170301.pptx
framework_update_report-yer20170301.pptx
 
Framework for Improving Critical Infrastructure Cyber.docx
Framework for Improving Critical Infrastructure Cyber.docxFramework for Improving Critical Infrastructure Cyber.docx
Framework for Improving Critical Infrastructure Cyber.docx
 
Risk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection PowerpointRisk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection Powerpoint
 
Framework for Improving Critical Infrastructure Cybersecurity - Nist.cswp.041...
Framework for Improving Critical Infrastructure Cybersecurity - Nist.cswp.041...Framework for Improving Critical Infrastructure Cybersecurity - Nist.cswp.041...
Framework for Improving Critical Infrastructure Cybersecurity - Nist.cswp.041...
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
 
3 Reasons Why the Cloud is More Secure than Your Server
3 Reasons Why the Cloud is More Secure than Your Server3 Reasons Why the Cloud is More Secure than Your Server
3 Reasons Why the Cloud is More Secure than Your Server
 
An integrated security testing framework and tool
An integrated security testing framework and toolAn integrated security testing framework and tool
An integrated security testing framework and tool
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation Guidance
 
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshop
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and Privacy
 
HITRUST CSF in the Cloud
HITRUST CSF in the CloudHITRUST CSF in the Cloud
HITRUST CSF in the Cloud
 
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
Cisco NGFW AMP
Cisco NGFW AMPCisco NGFW AMP
Cisco NGFW AMP
 
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
 

Recently uploaded

The mythical technical debt. (Brooke, please, forgive me)
The mythical technical debt. (Brooke, please, forgive me)The mythical technical debt. (Brooke, please, forgive me)
The mythical technical debt. (Brooke, please, forgive me)Roberto Bettazzoni
 
From Theory to Practice: Utilizing SpiraPlan's REST API
From Theory to Practice: Utilizing SpiraPlan's REST APIFrom Theory to Practice: Utilizing SpiraPlan's REST API
From Theory to Practice: Utilizing SpiraPlan's REST APIInflectra
 
Transformer Neural Network Use Cases with Links
Transformer Neural Network Use Cases with LinksTransformer Neural Network Use Cases with Links
Transformer Neural Network Use Cases with LinksJinanKordab
 
GraphSummit Milan - Neo4j: The Art of the Possible with Graph
GraphSummit Milan - Neo4j: The Art of the Possible with GraphGraphSummit Milan - Neo4j: The Art of the Possible with Graph
GraphSummit Milan - Neo4j: The Art of the Possible with GraphNeo4j
 
Prompt Engineering - an Art, a Science, or your next Job Title?
Prompt Engineering - an Art, a Science, or your next Job Title?Prompt Engineering - an Art, a Science, or your next Job Title?
Prompt Engineering - an Art, a Science, or your next Job Title?Maxim Salnikov
 
Workshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit Milan
Workshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit MilanWorkshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit Milan
Workshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit MilanNeo4j
 
Software Engineering - Introduction + Process Models + Requirements Engineering
Software Engineering - Introduction + Process Models + Requirements EngineeringSoftware Engineering - Introduction + Process Models + Requirements Engineering
Software Engineering - Introduction + Process Models + Requirements EngineeringPrakhyath Rai
 
Lessons Learned from Building a Serverless Notifications System.pdf
Lessons Learned from Building a Serverless Notifications System.pdfLessons Learned from Building a Serverless Notifications System.pdf
Lessons Learned from Building a Serverless Notifications System.pdfSrushith Repakula
 
Food Delivery Business App Development Guide 2024
Food Delivery Business App Development Guide 2024Food Delivery Business App Development Guide 2024
Food Delivery Business App Development Guide 2024Chirag Panchal
 
GraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4jGraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4jNeo4j
 
[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypse
[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypse[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypse
[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypseTomasz Kowalczewski
 
Your Ultimate Web Studio for Streaming Anywhere | Evmux
Your Ultimate Web Studio for Streaming Anywhere | EvmuxYour Ultimate Web Studio for Streaming Anywhere | Evmux
Your Ultimate Web Studio for Streaming Anywhere | Evmuxevmux96
 
UNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale Ibrida
UNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale IbridaUNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale Ibrida
UNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale IbridaNeo4j
 
Microsoft365_Dev_Security_2024_05_16.pdf
Microsoft365_Dev_Security_2024_05_16.pdfMicrosoft365_Dev_Security_2024_05_16.pdf
Microsoft365_Dev_Security_2024_05_16.pdfMarkus Moeller
 

Recently uploaded (20)

Abortion Clinic In Johannesburg ](+27832195400*)[ 🏥 Safe Abortion Pills in Jo...
Abortion Clinic In Johannesburg ](+27832195400*)[ 🏥 Safe Abortion Pills in Jo...Abortion Clinic In Johannesburg ](+27832195400*)[ 🏥 Safe Abortion Pills in Jo...
Abortion Clinic In Johannesburg ](+27832195400*)[ 🏥 Safe Abortion Pills in Jo...
 
Abortion Pill Prices Jozini ](+27832195400*)[ 🏥 Women's Abortion Clinic in Jo...
Abortion Pill Prices Jozini ](+27832195400*)[ 🏥 Women's Abortion Clinic in Jo...Abortion Pill Prices Jozini ](+27832195400*)[ 🏥 Women's Abortion Clinic in Jo...
Abortion Pill Prices Jozini ](+27832195400*)[ 🏥 Women's Abortion Clinic in Jo...
 
The mythical technical debt. (Brooke, please, forgive me)
The mythical technical debt. (Brooke, please, forgive me)The mythical technical debt. (Brooke, please, forgive me)
The mythical technical debt. (Brooke, please, forgive me)
 
From Theory to Practice: Utilizing SpiraPlan's REST API
From Theory to Practice: Utilizing SpiraPlan's REST APIFrom Theory to Practice: Utilizing SpiraPlan's REST API
From Theory to Practice: Utilizing SpiraPlan's REST API
 
Transformer Neural Network Use Cases with Links
Transformer Neural Network Use Cases with LinksTransformer Neural Network Use Cases with Links
Transformer Neural Network Use Cases with Links
 
Abortion Clinic In Stanger ](+27832195400*)[ 🏥 Safe Abortion Pills In Stanger...
Abortion Clinic In Stanger ](+27832195400*)[ 🏥 Safe Abortion Pills In Stanger...Abortion Clinic In Stanger ](+27832195400*)[ 🏥 Safe Abortion Pills In Stanger...
Abortion Clinic In Stanger ](+27832195400*)[ 🏥 Safe Abortion Pills In Stanger...
 
GraphSummit Milan - Neo4j: The Art of the Possible with Graph
GraphSummit Milan - Neo4j: The Art of the Possible with GraphGraphSummit Milan - Neo4j: The Art of the Possible with Graph
GraphSummit Milan - Neo4j: The Art of the Possible with Graph
 
Prompt Engineering - an Art, a Science, or your next Job Title?
Prompt Engineering - an Art, a Science, or your next Job Title?Prompt Engineering - an Art, a Science, or your next Job Title?
Prompt Engineering - an Art, a Science, or your next Job Title?
 
Workshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit Milan
Workshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit MilanWorkshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit Milan
Workshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit Milan
 
Abortion Clinic In Pretoria ](+27832195400*)[ 🏥 Safe Abortion Pills in Pretor...
Abortion Clinic In Pretoria ](+27832195400*)[ 🏥 Safe Abortion Pills in Pretor...Abortion Clinic In Pretoria ](+27832195400*)[ 🏥 Safe Abortion Pills in Pretor...
Abortion Clinic In Pretoria ](+27832195400*)[ 🏥 Safe Abortion Pills in Pretor...
 
Software Engineering - Introduction + Process Models + Requirements Engineering
Software Engineering - Introduction + Process Models + Requirements EngineeringSoftware Engineering - Introduction + Process Models + Requirements Engineering
Software Engineering - Introduction + Process Models + Requirements Engineering
 
Lessons Learned from Building a Serverless Notifications System.pdf
Lessons Learned from Building a Serverless Notifications System.pdfLessons Learned from Building a Serverless Notifications System.pdf
Lessons Learned from Building a Serverless Notifications System.pdf
 
Food Delivery Business App Development Guide 2024
Food Delivery Business App Development Guide 2024Food Delivery Business App Development Guide 2024
Food Delivery Business App Development Guide 2024
 
GraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4jGraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4j
 
[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypse
[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypse[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypse
[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypse
 
Your Ultimate Web Studio for Streaming Anywhere | Evmux
Your Ultimate Web Studio for Streaming Anywhere | EvmuxYour Ultimate Web Studio for Streaming Anywhere | Evmux
Your Ultimate Web Studio for Streaming Anywhere | Evmux
 
Abortion Pill Prices Turfloop ](+27832195400*)[ 🏥 Women's Abortion Clinic in ...
Abortion Pill Prices Turfloop ](+27832195400*)[ 🏥 Women's Abortion Clinic in ...Abortion Pill Prices Turfloop ](+27832195400*)[ 🏥 Women's Abortion Clinic in ...
Abortion Pill Prices Turfloop ](+27832195400*)[ 🏥 Women's Abortion Clinic in ...
 
Abortion Pill Prices Germiston ](+27832195400*)[ 🏥 Women's Abortion Clinic in...
Abortion Pill Prices Germiston ](+27832195400*)[ 🏥 Women's Abortion Clinic in...Abortion Pill Prices Germiston ](+27832195400*)[ 🏥 Women's Abortion Clinic in...
Abortion Pill Prices Germiston ](+27832195400*)[ 🏥 Women's Abortion Clinic in...
 
UNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale Ibrida
UNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale IbridaUNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale Ibrida
UNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale Ibrida
 
Microsoft365_Dev_Security_2024_05_16.pdf
Microsoft365_Dev_Security_2024_05_16.pdfMicrosoft365_Dev_Security_2024_05_16.pdf
Microsoft365_Dev_Security_2024_05_16.pdf
 

Cybersecurity framework v1-1_presentation

  • 2. Cybersecurity Framework History • February 2013 - Executive Order 13636: Improving Critical Infrastructure Cybersecurity • December 2014 - Cybersecurity Enhancement Act of 2014 (P.L. 113-274) • May 2017 - Executive Order 13800: Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
  • 3. The Cybersecurity Framework Three Primary Components Core Desired cybersecurity outcomes organized in a hierarchy and aligned to more detailed guidance and controls Profiles Alignment of an organization’s requirements and objectives, risk appetite and resources using the desired outcomes of the Framework Core Implementation Tiers A qualitative measure of organizational cybersecurity risk management practices
  • 4. • Common and accessible language • Adaptable to many technologies, lifecycle phases, sectors and uses • Risk-based • Based on international standards • Living document • Guided by many perspectives – private sector, academia, public sector Key Framework Attributes Principles of Current and Future Versions of the Framework
  • 5. The Framework Core Establishes a Common Language • Describes desired outcomes • Understandable by everyone • Applies to any type of risk management • Defines the entire breadth of cybersecurity • Spans both prevention and reaction Function Identify Protect Detect Respond Recover
  • 6. An Excerpt from the Framework Core The Connected Path of Framework Outcomes 5 Functions 23 Categories 108 Subcategories 6 Informative References
  • 7. Implementation Tiers The Cybersecurity Framework Version 1.1 1 2 3 4 Partial Risk Informed Repeatable Adaptive Risk Management Process The functionality and repeatability of cybersecurity risk management Integrated Risk Management Program The extent to which cybersecurity is considered in broader risk management decisions External Participation The degree to which the organization: • monitors and manages supply chain risk1.1 • benefits my sharing or receiving information from outside parties
  • 8. Framework Update The Cybersecurity Framework Version 1.1 • Applicability for all system lifecycle phases • Enhanced guidance for managing cybersecurity within supply chains and for buying decisions • New guidance for self-assessment • Better accounts for Authorization, Authentication, and Identity Proofing • Incorporates emerging vulnerability information (a.k.a., Coordinated Vulnerability Disclosure) • Administratively updates the Informative References
  • 9. International Use Translations, Adaptations, and Other References World-Wide
  • 10. Sample Resources www.nist.gov/cyberframework/framework-resources Financial Services Profile Financial Services Sector Specific Cybersecurity “Profile” Manufacturing Profile NIST Discrete Manufacturing Cybersecurity Framework Profile Maritime Profile Bulk Liquid Transport Profile
  • 11. Success Stories https://www.nist.gov/cyberframework/success-stories University of Chicago Biological Sciences Division Japan’s Cross-Sector Forum ISACA University of Pittsburgh University of Kansas Medical Center Multi-State Information Sharing & Analysis Center