CYBER THREAT INFORMATION SHARING AND GETTING AHEAD OF CYBER BREACHES: A NIST PERSPECTIVE

2016 ORAU Annual Meeting of the Council of Sponsoring Institutions
DONNA F. DODSON
CHIEF CYBERSECURITY ADVISOR AND
ASSOCIATE DIRECTOR FOR CYBERSECURITY, INFORMATION TECHNOLOGY LABORATORY


  1. CYBER THREAT INFORMATION SHARING AND GETTING AHEAD OF CYBER BREACHES: A NIST PERSPECTIVE
     DONNA F. DODSON, CHIEF CYBERSECURITY ADVISOR AND ASSOCIATE DIRECTOR FOR CYBERSECURITY, INFORMATION TECHNOLOGY LABORATORY
  2. NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST)
     • About NIST
       • Part of the U.S. Department of Commerce
       • NIST’s mission is to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life.
       • 3,000 employees
       • 2,700 guest researchers
       • 1,300 field staff in partner organizations
       • Two main locations: Gaithersburg, MD and Boulder, CO
     • NIST Priority Research Areas
       • Advanced Manufacturing
       • IT and Cybersecurity
       • Healthcare
       • Forensic Science
       • Disaster Resilience
       • Cyber-Physical Systems
       • Advanced Communications
  3. NIST’S RESEARCH AND STANDARDS
     Research Areas:
     • Authentication - Access Control
     • Biometrics
     • Continuous Monitoring
     • Cryptography
     • Identity Management
     • Information Sharing
     • Key Management
     • Network Security
     • Privacy
     • Risk Management
     • Security Automation
     • Software Quality
     • Security Testing
     • Usable Security
     • Vulnerability Management
     Secure Applications and Engineering:
     • Cloud
     • Cyber Physical Systems
     • Healthcare
     • Mobility
     • Public Safety Networks
     • Smart Grid
     • Voting
  4. NIST CYBERSECURITY PROGRAM
     • Standards, Guidance, Tools and Metrics (Computer Security Division)
     • Cybersecurity Outreach and Education (National Initiative for Cybersecurity Education)
     • Vibrant Identity Management Ecosystem (National Strategy for Trusted Identities in Cyberspace)
     • Standards-based Cybersecurity Blueprints (National Cybersecurity Center of Excellence)
     • Secure and Resilient Critical Infrastructure (Executive Order - Improving Critical Infrastructure Cybersecurity)
  5. THE ESSENTIALS
     • Creating a risk management program
     • Framework for Improving Critical Infrastructure Cybersecurity
     • NIST Risk Management Framework
     • Identify assets
     • Understand threat environment
     • Identify and implement security protections
     • Identify and implement detection of an occurrence of a cyber incident
     • Identify and implement actions to contain cyber events
     • Identify and implement actions to restore capabilities after containing a cyber event
  6. THREAT INFORMATION SHARING
     • Establish computer security incident response capabilities that leverage the collective knowledge, experience, and abilities of partners by actively sharing threat intelligence and ongoing coordination.
     • Coordinate incident handling, including producing and consuming data, participating in information sharing communities, and protecting incident-related data.
     (draft SP 800-150, Guide to Cyber Threat Information Sharing)
  7. THREAT INFORMATION SHARING
     • Organizations should perform an inventory that catalogues the information an organization currently possesses, the information that it is capable of producing, and document the circumstances under which this information may be shared.
     • Organizations should exchange threat intelligence, tools, and techniques with sharing partners.
     • Organizations should employ open, standard data formats and transport protocols to facilitate the efficient and effective exchange of information.
  8. THREAT INFORMATION SHARING
     • Organizations should enhance their cybersecurity posture and maturity by augmenting local data collection, analysis, and management functions using information from external sources.
     • Organizations should ensure that the resources required for ongoing participation in a sharing community are available.
     • Organizations should establish the foundational infrastructure necessary to maintain their cybersecurity posture and clearly identify the roles and responsibilities for installing, operating, and maintaining these capabilities.
  9. RESOURCES: WHERE TO LEARN MORE AND STAY CURRENT
     • NIST Computer Security Resource Center: http://csrc.nist.gov/
     • Cybersecurity Framework: www.nist.gov/cyberframework
     • National Strategy for Trusted Identities in Cyberspace: http://www.nist.gov/nstic/
     • National Cybersecurity Center of Excellence: https://nccoe.nist.gov
     • National Initiative for Cybersecurity Education: http://csrc.nist.gov/nice/