This document discusses cybersecurity standards and frameworks. It provides information on ISO 27001, a widely recognized international cybersecurity standard. It also discusses NIST Publication 800-53, the most widely used cybersecurity framework in the US, which defines 20 control families for managing cybersecurity risks. The document explains the differences between standards and frameworks and lists some of the major control families in NIST 800-53, including access control, awareness and training, audit and accountability, and incident response.
3. Cybersecurity Standards and Frameworks
Is There a Cybersecurity Standard?
Yes!! The International Organization for Standardization (ISO) established ISO 27001/27002, and it is the internationally recognized standard for cybersecurity. It assumes that an organization adopting ISO 27001 will have an Information Security Management System (ISMS). ISO/IEC 27001 requires that management systematically manage the organization’s information security risks, taking threats and vulnerabilities into account.
What is the Origin of ISO 27001?
ISO 27000 came out of BS (British Standard) 7799, originally published in 1995 in three parts. The first part of BS 7799, dealing with the best practices of information security, was incorporated into ISO 17799 and made part of the ISO 27000 series in 2000.
4. Cybersecurity Standards and Frameworks
What is a Cybersecurity “Framework”?
Cybersecurity frameworks are sets of documents describing guidelines, standards, and best practices designed for cybersecurity risk management. The frameworks exist to reduce an organization's exposure to weaknesses and vulnerabilities that hackers and other cyber criminals may exploit.
What is the Difference Between a Cybersecurity Standard and a Framework?
A cybersecurity standard is a set of guidelines or best practices that organizations can use to improve their cybersecurity posture. Organizations can use cybersecurity standards to help them identify and implement appropriate measures to protect their systems and data from cyber threats. Standards can also provide guidance on how to respond to and recover from cybersecurity incidents. These are generally not voluntary and must be followed for compliance.
A cybersecurity framework is a system of standards, guidelines, and best practices to manage risks that arise in the digital world. Frameworks typically match security objectives, like avoiding unauthorized system access, with controls like requiring a username and password. Cybersecurity frameworks are often mandatory, or at least strongly encouraged, for companies that want to comply with state, industry, and international cybersecurity regulations.
5. Cybersecurity Standards and Frameworks
How Many Different Cybersecurity Frameworks are There?
Cybersecurity frameworks provide a set of best practices for determining risk tolerance and setting controls. Knowing which one is best for your organization can be difficult. In fact, many regulations cross-reference more than one standard or framework. There are at least 20 security frameworks out there designed to help cyber professionals create robust cybersecurity compliance programs.
What is Considered the Go-To or Most Used Cybersecurity Framework?
Among the most widely used cybersecurity frameworks is the NIST publication NIST 800-53, a set of controls intended to help organizations meet the requirements of the Federal Information Security Modernization Act (FISMA), which is mandatory for federal agencies and for organizations that are part of their supply chain, such as defense contractors. It is considered the cybersecurity gold standard among federal agencies. It is also widely used among both private (for-profit) and public (government) entities.
7. Cybersecurity Standards and Frameworks - NIST
Who or What is NIST?
The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the U.S. Department of Commerce. NIST is one of the nation's oldest physical science laboratories. Congress established the agency to remove a major challenge to U.S. industrial competitiveness.
What is NIST Publication 800-53 and What is the Purpose of the Document?
NIST 800-53 is a cybersecurity standard and compliance framework developed by the National Institute of Standards and Technology. It is a continuously updated framework that tries to flexibly define standards, controls, and assessments based on risk, cost-effectiveness, and capabilities. The NIST 800-53 framework is designed to provide a foundation of guiding elements, strategies, systems, and controls that can agnostically support any organization’s cybersecurity needs and priorities.
8. What are Cybersecurity Controls?
Cybersecurity controls are mechanisms used to prevent, detect and mitigate cyber threats
and attacks. The cybersecurity controls outlined in NIST Special Publication 800-53 provide
all agencies who utilize the cybersecurity framework the recommended security and privacy
controls to protect against potential security issues and cyber attacks.
What are Cybersecurity Control “Families”?
Security control families are collections of security controls all related to the same broad
subject: physical access controls, awareness and training, incident response, and so forth.
The precise number of controls within each family can vary, but each one will relate back to
the control family’s basic focus.
What are Cybersecurity Controls and What are Control “Families”?
9. AC – Access Control: The AC Control Family consists of security requirements detailing
system logging. This includes who has access to what assets and reporting capabilities like
account management, system privileges, and remote access logging to determine when
users have access to the system and their level of access.
AT – Awareness and Training: The control sets in the AT Control Family are specific to your
security training and procedures, including security training records. A particular focus is
improving awareness of different operational risks and threats to privacy or system security.
AU – Audit and Accountability: The AU control family consists of security controls related to
an organization’s audit capabilities. This includes audit policies and procedures, audit
logging, audit report generation, and protection of audit information.
CA – Assessment, Authorization and Monitoring: The Continuous Assessment, Authorization
and Monitoring family focuses on the continuous monitoring and improvement of security
and privacy controls. It covers the creation of an assessment plan and the delegation of the
team to carry out control assessment.
How Many Control Families are There in NIST 800-53?
10. CM – Configuration Management: CM controls are specific to an organization’s configuration
management policies. This includes a baseline configuration to operate as the basis for
future builds or changes to information systems. Additionally, this includes information
system component inventories and a security impact analysis control.
CP – Contingency Planning: The CP control family includes controls specific to an
organization's contingency plan if a cybersecurity event should occur. This includes controls
like contingency plan testing, updating, training, and backups, and system reconstitution.
IA – Identification and Authentication: IA controls are specific to the identification and
authentication policies in an organization. This includes the identification and authentication
of organizational and non-organizational users and how those systems are managed.
IR – Incident Response: Controls for incident response are customized to an organization’s
rules and processes. This area may include incident response training, testing, monitoring,
reporting, and a response strategy.
11. MA – Maintenance: Revision five of NIST 800-53 outlines standards for maintaining systems
and tools.
MP – Media Protection: Access, marking, storage, transit policies, sanitization, and defined
organizational media use are all covered by the media protection control family.
PE – Physical and Environmental Protection: Physical and environmental protection is a
control family used to safeguard systems, buildings, and supporting infrastructure from
physical dangers. Physical access authorizations, monitoring, visitor records, emergency
shutoff, electricity, lighting, fire protection, and water damage prevention are all examples of
these controls.
PL – Planning: Security planning policies address the goal, scope, roles, duties, management
commitment, and coordination among entities for organizational compliance.
PM – Program Management: The PM control family applies to your cybersecurity program. It
includes a critical infrastructure plan, an information security program plan, a plan of action
and milestones, processes, a risk management strategy, and enterprise architecture.
12. PS – Personnel Security: Standards around personnel screening, termination, transfers,
sanctions, and access agreements are all examples of PS controls to protect employees.
PT – Personally Identifiable Information (PII) Processing and Transparency: The PII
Processing and Transparency family of controls helps to safeguard sensitive data, focusing
on consent and privacy. Organizations can lower the risk of data breaches by properly
managing personally identifiable information.
RA – Risk Assessment: The RA control family covers an organization’s risk assessment
policies and vulnerability scanning capabilities.
SA – System and Services Acquisition: The System and Services Acquisition family of
controls includes the allocation of resources and the creation of system development life
cycles. Controls help organizations create a safe acquisition process for new systems and
devices, safeguarding the integrity of the wider system and data.
13. SC – System and Communications Protection: The System and Communications Protection
family of controls covers the protection of system boundaries and the safe management of
collaborative devices. Controls provide in-depth guidance on set-up and ongoing
management of systems, including access, partitions, and usage restrictions.
SI – System and Information Integrity: The System and Information Integrity family of
controls focuses on maintaining the integrity of the information system. Controls cover
topics like protection from malicious code and spam, and procedures for ongoing system-
wide monitoring.
SR – Supply Chain Risk Management: The Supply Chain Risk Management family of controls
covers policies and procedures to counter risks in the supply chain. This includes processes
to assess and manage suppliers, and the inspection of supply chain systems and
components.
14. Incident Response – What is it and Why is Having an IR Plan so Important?
What is meant by Incident Response (IR)?
NIST defines Incident Response this way: “The mitigation of violations of security policies
and recommended practices.”
A very large cybersecurity company defines IR as: “…a set of information security policies
and procedures that you can use to identify, contain, and eliminate cyberattacks.” It also
states that the goal of incident response is “…to enable an organization to quickly detect and
halt attacks, minimizing damage and preventing future attacks of the same type.”
Why is Having an IR Plan so Important?
Incident response planning is important because it outlines how to minimize the duration and
damage of security incidents, identifies stakeholders, streamlines digital forensics, improves
recovery time, reduces negative publicity and customer churn.
15. Incident Response – Goals
What are the Goals of Cyber Incident Response?
NIST states the goals of Cyber IR are to: “Develop and implement appropriate activities to take
action regarding a detected cybersecurity incident.”
An esteemed and well-known University states the goals of Cyber IR are: “to contain the
scope of an incident and reduce the risk to institutional systems and data and to return
affected systems and data back to an operational state as quickly as possible.”
The NIST incident response lifecycle breaks incident response down into four main phases:
Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-
Event Activity.
17. Incident Response – Preparation
The initial phase involves establishing and training an incident response team, and acquiring
the necessary tools and resources. During preparation, the organization also attempts to
limit the number of incidents that will occur by selecting and implementing a set of controls
based on the results of risk assessments.
Incident response methodologies typically emphasize preparation—not only establishing an
incident response capability so that the organization is ready to respond to incidents, but
also preventing incidents by ensuring that systems, networks, and applications are
sufficiently secure.
18. Incident Response – Detection & Analysis
In this phase, cybersecurity teams detect the occurrence of an issue and decide whether or
not it is actually an incident so that their organization can respond to it appropriately. The
main purposes of this phase are to determine whether the incident is really occurring and
analyze its nature. These might not be easy tasks. NIST SP 800-61 lists the steps of the
“Detection and Analysis” phase:
1) Noticing signs of an incident (called “precursors” and “indicators”)
2) Analyzing these signs
3) Documenting the incident
4) Prioritizing incidents
5) Incident notification
At this stage of the incident response lifecycle, the incident response team should not yet
try to eradicate the incident. It is very important not to start eradication activities without
proper incident analysis.
19. Incident Response – Containment, Eradication, and Recovery
This is the main phase of security incident response, in which the responders take action to
stop any further damage. This phase encompasses three steps:
1) Containment. In this step, all possible methods are used to prevent the spread of malware
or viruses. Actions might include disconnecting systems from networks, quarantining
infected systems, or blocking traffic to and from known malicious IP addresses.
2) Eradication. After containing the security issue in question, the malicious code or software
needs to be eradicated from the environment. This might involve using antivirus tools or
manual removal techniques. It will also include ensuring that all security software is up to
date in order to prevent any future incidents.
3) Recovery. After eliminating the malware, restoring all systems to their pre-incident state is
essential. This might involve restoring data from backups, rebuilding infected systems, and
re-enabling disabled accounts.
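To make the detection-and-analysis steps from slide 18 and the phase ordering of slides 18 and 19 concrete, here is an added example (not code from the slides or from NIST) of a small incident record that classifies signs, documents and prioritizes the incident, and refuses to enter containment or eradication before analysis is complete. The sign types, the priority rule and the notification recipients are constructed assumptions.

```python
"""Incident lifecycle tracker: an added example, not code from the slides or NIST.
It models the detection-and-analysis steps above (record precursors and
indicators, document, prioritize, notify) and enforces the lifecycle's phase
order: containment cannot start before the incident is analyzed, documented and
prioritized. Sign taxonomy, priority rules and recipients are constructed."""
from dataclasses import dataclass, field
from enum import IntEnum

# The NIST phases from the slides, with containment/eradication/recovery
# split so that the order inside that phase is enforced too.
Phase = IntEnum("Phase", "DETECTION_ANALYSIS CONTAINMENT ERADICATION RECOVERY POST_INCIDENT")

# Constructed taxonomy: a precursor means an incident may occur, an indicator
# means one may be occurring now. NOTIFY is a constructed recipient matrix.
SIGN_CATEGORY = {"port_scan": "precursor", "new_exploit_for_stack": "precursor",
                 "av_alert": "indicator", "unusual_admin_login": "indicator",
                 "c2_beacon": "indicator", "data_exfil": "indicator"}
NOTIFY = {"high": ["ir-team", "ciso", "legal"], "medium": ["ir-team", "ciso"],
          "low": ["ir-team"]}

@dataclass
class Incident:
    incident_id: str
    phase: Phase = Phase.DETECTION_ANALYSIS
    signs: list = field(default_factory=list)   # (category, kind, detail)
    summary: str = ""
    priority: str = ""

    def record_sign(self, kind: str, detail: str) -> str:
        """Steps 1 and 2: classify a sign and keep it for analysis."""
        if kind not in SIGN_CATEGORY:
            raise ValueError(f"unknown sign type: {kind}")
        self.signs.append((SIGN_CATEGORY[kind], kind, detail))
        return SIGN_CATEGORY[kind]

    def document(self, summary: str) -> None:
        """Step 3: a record needs a summary and at least one sign behind it."""
        if not self.signs or not summary.strip():
            raise ValueError("document only after analysis, citing the signs")
        self.summary = summary

    def prioritize(self) -> str:
        """Step 4 (constructed rule): active compromise outranks warnings."""
        kinds = {k for cat, k, _ in self.signs if cat == "indicator"}
        if kinds & {"c2_beacon", "data_exfil"}:
            self.priority = "high"
        else:
            self.priority = "medium" if kinds else "low"
        return self.priority

    def notify(self) -> list:
        """Step 5: recipients follow the priority assigned in step 4."""
        if not self.priority:
            raise RuntimeError("prioritize before notifying")
        return NOTIFY[self.priority]

    def advance(self, to: Phase) -> Phase:
        """Next phase only; leaving analysis needs a documented, prioritized record."""
        if to != self.phase + 1:
            raise RuntimeError(f"cannot jump from {self.phase.name} to {to.name}")
        if self.phase == Phase.DETECTION_ANALYSIS and not (self.summary and self.priority):
            raise RuntimeError("analyze, document and prioritize before containment")
        self.phase = to
        return self.phase
```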
20. Incident Response – Post Incident Activity
The final phase of the incident response life cycle is to perform a postmortem of the entire
incident. Learning and improving after an incident is one of the most important parts of
incident response and the most often ignored. In this phase the incident and incident
response efforts are analyzed. The goals here are to limit the chances of the incident
happening again and to identify ways of improving future incident response activity.
Performing this analysis helps the organization understand how the incident took place and
what it can do to prevent such incidents from happening in the future. The lessons learned
during this phase can improve the organization’s incident security protocols and make its
security strategy more robust and effective.
21. Tips for Creating a Realistic and Effective Incident Response Plan
1) Identify and train incident handlers BEFORE there is a security breach. Ensure that all
employees know their responsibilities when an event occurs. These responsibilities may
vary, but they will likely cover things like when to report an issue, who to contact, and
what tools to immediately deploy in the event of a breach.
2) Create effective communication channels across teams, ensuring that each person
reports to their assigned contact. This helps ensure quick detection and recovery from
any incidents in real time without losing valuable information or data.
3) Maintain logs for each system and update them regularly, leaving no gaps in the data. Such
logs can be useful in identifying the source of a security breach, may prevent a breach from
spreading throughout your network, and can help prevent similar events in the future.
4) Regularly test the incident response plan to keep it up to date with any changes made to
security policies or new technologies introduced to the organization’s infrastructure. This
step is VERY IMPORTANT, and most entities do not practice their IR plans.
22. Personally Identifiable Information (PII) – What is it and How Do You Protect it?
NIST defines PII as: “…information that can be used to distinguish or trace an individual's
identity, either alone or when combined with other information that is linked or linkable to a
specific individual.”
Examples of PII: Sensitive personally identifiable information can include your full name,
Social Security Number, driver’s license, financial information, and medical records.
Non-sensitive personally identifiable information is easily accessible from public sources
and can include your zip code, race, gender, and date of birth.
Passports contain personally identifiable information.
Information posted on social media sites may be considered non-sensitive personally
identifiable information.
23. Personally Identifiable Information (PII) – What is it and How Do You Protect it?
Every organization stores and uses personally identifiable information (PII), whether on its
employees or customers. As enterprises collect, process, and store PII, they also inherit
responsibility for protecting it. Doing so ensures the integrity of individuals’ identities while
protecting your company’s reputation.
PII can be compromised in a variety of ways. Digital files can be hacked and accessed by
criminals, while physical files can be exposed to threats if not properly secured. Without
safeguards and a PII protection policy, organizations and their customers are at risk of
identity theft. In 2020, identity theft was the most common consequence of a data breach,
occurring 65% of the time.
24. Personally Identifiable Information (PII) – What is it and How Do You Protect it?
1) Identify What PII You Collect and Where It Is Stored
Begin by performing an inventory of what personally identifiable information you’re
collecting and where it’s being stored. You’ll need to examine whether you’re collecting data
correctly and if the storage method contains adequate security measures.
2) Identify What Compliance Regulations You Must Follow
Depending on your industry, you may be subject to legal compliance requirements. These are
laws that govern how you collect, handle, store, and transmit certain types of sensitive
information. These may vary based on where or who your customers are, rather than your
industry or business location. Some common compliance mandates include:
• Health Insurance Portability and Accountability Act (HIPAA)
• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
25. Personally Identifiable Information (PII) – What is it and How Do You Protect it?
3) Perform a Personally Identifiable Information Risk Assessment
A risk assessment will help you identify possible vulnerabilities or weak points in your
security strategy before criminals do. You should identify:
• What PII is regulated and what actions you’re taking to ensure compliance.
• What unregulated PII poses risks to reputation, competition, security, etc.
• Possible sources of threats from most to least likely.
• Possible risk management strategies, including control procedures and safeguards that
you can implement.
26. Personally Identifiable Information (PII) – What is it and How Do You Protect it?
4) Securely Delete Personally Identifiable Information That’s Not Necessary to Business
Are you holding onto PII that you no longer need? While you might think it’s best to hoard as
much data as you can, PII can be a security risk when it hangs around forgotten. Comb
through your organization and identify information that can be deleted. This includes:
• Customers who have moved away, died, or ended the relationship.
• Records of employees who left the company more than a year ago.
• PII located on disused devices or in abandoned accounts.
• Instances where individuals have requested that you delete their information.
PII accumulates over time, so “cleaning house” can reduce your storage costs as well as
your risk.
27. Personally Identifiable Information (PII) – What is it and How Do You Protect it?
5) Classify PII by Confidentiality and Privacy Impacts
Not all PII is of the same level of sensitivity. For example, email lists must still be protected,
but they have a much lower level of confidentiality than customer records containing credit
card numbers. By classifying data according to confidentiality and impact if their privacy is
compromised, you can gain a sense of what your security program needs.
6) Review and Update Safeguards That Protect Personally Identifiable Information
Review your overall security program to see what safeguards you need to update. Likewise,
make sure you’re using up-to-date tools and solutions to protect PII. This includes your:
• Email service
• Antivirus and anti-malware tools
• Customer management tools
• Information security management software
28. Personally Identifiable Information (PII) – What is it and How Do You Protect it?
7) Update Your Security Policies
With the rollout of enhanced data privacy laws, your policies may need a review. Take a
moment to review the foundation for protecting PII: your internal security policies. Policies
that include best-practice security controls, from trusted frameworks like SOC 2 or CIS, help
ensure that the information you store and process stays safe. These policies also create a
structure for your employee awareness training around the collection, storage, encryption,
de-identification, and deletion of PII.
Keep Your Data Protected No Matter What!! Protecting PII should be central to your
information security program. Your customers expect you to protect their PII no matter what.
With these seven steps, you can build a solid security strategy that meets or exceeds their
expectations.
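As an added example of steps 1 and 5 (not code from the slides), this scanner inventories constructed data stores, finds PII both by field name and by value pattern so that an SSN pasted into a free-text field is still caught, and tiers each record using the slides’ sensitive versus non-sensitive split; the field names, regular expressions and sample records are assumptions.

```python
"""PII inventory scanner: an added example, not code from the slides.
Steps 1 and 5 ask where PII is stored and how confidential it is. This scans
constructed records by field name and by value pattern (an SSN pasted into a
free-text field is still found) and tiers each record using the slides' split:
sensitive PII (name, SSN, financial, medical) versus non-sensitive (zip, gender,
date of birth). Field names, patterns and sample records are assumptions."""
import re

SENSITIVE_FIELDS = {"full_name", "ssn", "drivers_license", "card_number", "medical_record"}
NON_SENSITIVE_FIELDS = {"zip", "race", "gender", "dob", "email"}
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b\d{13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def pii_in_value(value) -> set:
    """Pattern-based detection for PII hiding in free text or mislabeled fields."""
    found = set()
    text = str(value)
    if SSN_RE.search(text):
        found.add("ssn")
    if any(luhn_ok(m) for m in CARD_RE.findall(text)):
        found.add("card_number")
    return found

def classify_record(record: dict) -> tuple:
    """Return (tier, findings): tier is 'high', 'low' or 'none'; findings map field -> kinds."""
    findings = {}
    for name, value in record.items():
        kinds = pii_in_value(value)
        if name in SENSITIVE_FIELDS or name in NON_SENSITIVE_FIELDS:
            kinds.add(name)
        if kinds:
            findings[name] = sorted(kinds)
    all_kinds = {k for ks in findings.values() for k in ks}
    tier = "high" if all_kinds & SENSITIVE_FIELDS else "low" if all_kinds else "none"
    return tier, findings

def inventory(stores: dict) -> dict:
    """Per storage location, count records per tier and list the fields holding PII."""
    report = {}
    for location, records in stores.items():
        counts = {"high": 0, "low": 0, "none": 0}
        fields = set()
        for rec in records:
            tier, findings = classify_record(rec)
            counts[tier] += 1
            fields.update(findings)
        report[location] = {"counts": counts, "pii_fields": sorted(fields)}
    return report

# Constructed sample stores: a CRM export, a ticket table whose free-text notes
# contain a pasted SSN and a Luhn-invalid order number, and a mailing list.
SAMPLE_STORES = {
    "crm_export.csv": [{"full_name": "A. Example", "zip": "02139",
                        "card_number": "4111111111111111"}],
    "tickets.db": [{"ticket_id": 17, "notes": "caller read out SSN 123-45-6789"},
                   {"ticket_id": 18, "notes": "order 4111111111111112 delayed"}],
    "newsletter.xlsx": [{"email": "c@example.com"}],
}
```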
29. • NIST History: https://www.nist.gov/history#:~:text=The%20National%20Institute%20of%20Standards,nation's%20oldest%20physical%20science%20laboratories.
• NIST 800-53 Explained: https://www.cybersaint.io/blog/what-is-nist-800-53
• NIST SP 800-53 Rev. 5 - Security and Privacy Controls for Information Systems and
Organizations: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
• NIST SP 800-61 Rev. 2 - Computer Security Incident Handling Guide:
https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf
• ISO 27001 framework: What it is and how to comply: https://resources.infosecinstitute.com/topic/iso-27001-framework-what-it-is-and-how-to-comply/#:~:text=ISO%2027001%20is%20a%20standards%20framework%20that%20provides%20best%20practices,and%20get%20ISO%2027001%20certified.
Additional Reading and Resources - Incident Response
30. • PII Defined (NIST): https://csrc.nist.gov/glossary/term/PII
• Guidance on the Protection of Personal Identifiable Information: https://www.dol.gov/general/ppii#:~:text=Personal%20Identifiable%20Information%20(PII)%20is,either%20direct%20or%20indirect%20means.
• What is SOC 2 and How do You Attain SOC 2 Compliance?:
https://www.imperva.com/learn/data-security/soc-2-compliance/
Additional Reading and Resources - PII