Muhammad Akbar Yasin, profile picture
Uploaded byMuhammad Akbar Yasin
PPTX, PDF488 views

Cybersecurity Framework - Introduction

The document discusses the NIST Cybersecurity Framework. It defines key terms like information security, CIA triad, and cybersecurity. It explains that the NIST CSF provides guidance on cybersecurity risk management principles and best practices. It outlines the Framework Core, Implementation Tiers, and Profiles to help organizations manage cybersecurity risks in a cost-effective manner. The CSF can be used by organizations of any size or sector to understand and apply cybersecurity risk management.

Embed presentation

Downloaded 21 times
Cybersecurity Framework Manajemen Risiko Keamanan Informasi [EL5216 17/18] Muhammad Akbar Yasin [23216322]
Terms • Information Security • Information security is about the protection of information, regardless of whether it is stored digitally or not • CIA Triad • Cybersecurity • Is it about securing “cyber”? • Cyber security is about securing things that are vulnerable through ICT [1] https://ccis.no/cyber-security-versus-information-security/
Terms (continued) • ISACA Glossary • Information • An asset that, like other important business assets, is essential to an enterprise’s business. It can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by post or by using electronic means, shown on films, or spoken in conversation. • Information security • Ensures that within the enterprise, information is protected against disclosure to unauthorized users (confidentiality), improper modification (integrity), and non-access when required (availability). • Cybersecurity • The protection of information assets by addressing threats to information processed, stored, and transported by internetworked information systems [3] https://www.isaca.org/Pages/Glossary.aspx
Infosec vs Cybersecurity [2] http://www.cisoplatform.com/profiles/blogs/understanding-difference-between-cyber-security-information
NIST Cybersecurity Framework • Why NIST CSF? • Provides guidance on risk management principles and best practices, • Provides common language to address and manage cybersecurity risk • Outlines a structure for organizations to understand and apply cybersecurity risk management • Identifies effective standards, guidelines, and practices to manage cybersecurity risk in a cost-effective manner based on business needs. • Who Should Used the Framework? • for organizations of all sizes, sectors, and maturities. While the Framework was designed with Critical Infrastructure (CI) in mind, it is extremely versatile and can be used by organizations regardless of sector or size. [4] https://www.us-cert.gov/sites/default/files/c3vp/framework_guidance/HPH_Framework_Implementation_Guidance.pdf, page 11
NIST Cybersecurity Framework [5] Implementing The Nist Cybersecurity Framework Using Cobit 5: a step-by-step guide for your enterprise
[6] https://www.orbussoftware.com/governance-risk-and-compliance/nist/benefits/
Framework Core Subcategories are the deepest level of abstraction in the Core. There are 98 Subcategories, which are outcome- driven statements that provide considerations for creating or improving a cybersecurity program. [7] https://www.nist.gov/cyberframework/online-learning/components-framework
Implementation Tiers Tiers describe the degree to which an organization’s cybersecurity risk management practices exhibit the characteristics defined in the Framework. The Tiers range from Partial (Tier 1) to Adaptive (Tier 4) and describe an increasing degree of rigor, and how well integrated cybersecurity risk decisions are into broader risk decisions, and the degree to which the organization shares and receives cybersecurity info from external parties
Implementation Tiers [8] https://supplier.intel.com/static/governance/documents/The-cybersecurity-framework-in-action-an-intel-use-case-brief.pdf
Profiles Profiles are an organization's unique alignment of their organizational requirements and objectives, risk appetite, and resources against the desired outcomes of the Framework Core. Profiles can be used to identify opportunities for improving cybersecurity posture by comparing a “Current” Profile with a “Target” Profile.
Reference • [1] https://ccis.no/cyber-security-versus-information-security/ • [2] http://www.cisoplatform.com/profiles/blogs/understanding-difference-between- cyber-security-information • [3] https://www.isaca.org/Pages/Glossary.aspx • [4] https://www.us- cert.gov/sites/default/files/c3vp/framework_guidance/HPH_Framework_Implementatio n_Guidance.pdf, page 11 • [5] Implementing The Nist Cybersecurity Framework Using Cobit 5: a step-by-step guide for your enterprise, page 5 • [6] https://www.orbussoftware.com/governance-risk-and-compliance/nist/benefits/ • [7] https://www.nist.gov/cyberframework/online-learning/components-framework • [8] https://supplier.intel.com/static/governance/documents/The-cybersecurity- framework-in-action-an-intel-use-case-brief.pdf

More Related Content

PDF
Enterprise Cybersecurity: From Strategy to Operating Model
byEryk Budi Pratama
 
PPTX
NIST CyberSecurity Framework: An Overview
byTandhy Simanjuntak
 
PDF
Introduction to NIST Cybersecurity Framework
byTuan Phan
 
PDF
Building a Next-Generation Security Operations Center (SOC)
bySqrrl
 
PDF
Lessons Learned from the NIST CSF
byDigital Bond
 
PDF
Cyber Threat Intelligence
bymohamed nasri
 
PPTX
What is iso 27001 isms
byCraig Willetts ISO Expert
 
PPTX
Build an Information Security Strategy
byAndrew Byers
 
Enterprise Cybersecurity: From Strategy to Operating Model
byEryk Budi Pratama
 
NIST CyberSecurity Framework: An Overview
byTandhy Simanjuntak
 
Introduction to NIST Cybersecurity Framework
byTuan Phan
 
Building a Next-Generation Security Operations Center (SOC)
bySqrrl
 
Lessons Learned from the NIST CSF
byDigital Bond
 
Cyber Threat Intelligence
bymohamed nasri
 
What is iso 27001 isms
byCraig Willetts ISO Expert
 
Build an Information Security Strategy
byAndrew Byers
 

What's hot

PDF
Threat Intelligence
byDeepak Kumar (D3)
 
PPTX
Security risk management
byPrachi Gulihar
 
PDF
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
byEdureka!
 
PPTX
CISSP-Certified.pptx
byssuser645549
 
PDF
ISO 27001
byn|u - The Open Security Community
 
PDF
What is ISO 27001 ISMS
byBusiness Beam
 
PDF
Cybersecurity risk management 101
bySrinivasan Vanamali
 
PDF
Security operations center-SOC Presentation-مرکز عملیات امنیت
byReZa AdineH
 
PPTX
Cyber Security Threat Modeling
byDr. Anish Cheriyan (PhD)
 
PDF
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
byElasticsearch
 
PPT
Introduction to Cyber Security
byStephen Lahanas
 
PPTX
SOC Architecture Workshop - Part 1
byPriyanka Aash
 
PDF
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
bySounil Yu
 
PDF
Threat Hunting
bySplunk
 
PDF
ISO27001: Implementation & Certification Process Overview
byShankar Subramaniyan
 
PPTX
An introduction to SOC (Security Operation Center)
byAhmad Haghighi
 
PDF
Cyber Threat Intelligence
byseadeloitte
 
PDF
Cybersecurity Fundamental Course by Haris Chughtai.pdf
byHaris Chughtai
 
PPTX
How to implement NIST cybersecurity standards in my organization
byExigent Technologies LLC
 
PPT
Risk Assessment Process NIST 800-30
bytimmcguinness
 
Threat Intelligence
byDeepak Kumar (D3)
 
Security risk management
byPrachi Gulihar
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
byEdureka!
 
CISSP-Certified.pptx
byssuser645549
 
ISO 27001
byn|u - The Open Security Community
 
What is ISO 27001 ISMS
byBusiness Beam
 
Cybersecurity risk management 101
bySrinivasan Vanamali
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
byReZa AdineH
 
Cyber Security Threat Modeling
byDr. Anish Cheriyan (PhD)
 
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
byElasticsearch
 
Introduction to Cyber Security
byStephen Lahanas
 
SOC Architecture Workshop - Part 1
byPriyanka Aash
 
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
bySounil Yu
 
Threat Hunting
bySplunk
 
ISO27001: Implementation & Certification Process Overview
byShankar Subramaniyan
 
An introduction to SOC (Security Operation Center)
byAhmad Haghighi
 
Cyber Threat Intelligence
byseadeloitte
 
Cybersecurity Fundamental Course by Haris Chughtai.pdf
byHaris Chughtai
 
How to implement NIST cybersecurity standards in my organization
byExigent Technologies LLC
 
Risk Assessment Process NIST 800-30
bytimmcguinness
 

Similar to Cybersecurity Framework - Introduction

PDF
ICION 2016 - Cyber Security Governance
byCharles Lim
 
PPTX
DOC-20250530-WA0008.pptx.................
bysalmannawaz6566504
 
DOCX
D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T
byOllieShoresna
 
PDF
NIST critical_infrastructure_cybersecurity.pdf
byssuserb3094b
 
PPTX
NIST Critical Security Framework (CSF)
byPriyanka Aash
 
PDF
Improving Cyber Readiness with the NIST Cybersecurity Framework
byWilliam McBorrough
 
PPTX
The IT Analysis Paralysis
byPYA, P.C.
 
PPTX
Keynote Session : NIST - Cyber Security Framework Measuring Security
byPriyanka Aash
 
PPT
What CIOs and CFOs Need to Know About Cyber Security
byPhil Agcaoili
 
PPTX
INFS2701 T2 2025 Lecture 1 Data Warehousing.pptx
bysaniyagadekar12
 
PPTX
cybersecurity_framework_v1-1_presentation.pptx
bycirodussan
 
PPTX
cybersecurity_framework_v1-1_presentation.pptx
bycommentcava2000
 
PPTX
Cybersecurity framework v1-1_presentation
byezhilnarasu
 
PPTX
Cybersecurity framework v1-1_presentation
byMonchai Phaichitchan
 
PPTX
cybersecurity_framework_v1-1_presentation.pptx
byssuserda58e2
 
PPTX
Cybersecurity Frameworks and You: The Perfect Match
byMcKonly & Asbury, LLP
 
PDF
Cybersecurity Framework - What are Pundits Saying?
byJim Meyer
 
PPTX
Capstone Final Presentation
byKartik Uppal
 
DOCX
Analyze1. Foreign Stocka. Samsung Electronics LTD. (Korean St.docx
byjustine1simpson78276
 
PDF
NIST Cybersecurity Framework 101
byErick Kish, U.S. Commercial Service
 
ICION 2016 - Cyber Security Governance
byCharles Lim
 
DOC-20250530-WA0008.pptx.................
bysalmannawaz6566504
 
D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T
byOllieShoresna
 
NIST critical_infrastructure_cybersecurity.pdf
byssuserb3094b
 
NIST Critical Security Framework (CSF)
byPriyanka Aash
 
Improving Cyber Readiness with the NIST Cybersecurity Framework
byWilliam McBorrough
 
The IT Analysis Paralysis
byPYA, P.C.
 
Keynote Session : NIST - Cyber Security Framework Measuring Security
byPriyanka Aash
 
What CIOs and CFOs Need to Know About Cyber Security
byPhil Agcaoili
 
INFS2701 T2 2025 Lecture 1 Data Warehousing.pptx
bysaniyagadekar12
 
cybersecurity_framework_v1-1_presentation.pptx
bycirodussan
 
cybersecurity_framework_v1-1_presentation.pptx
bycommentcava2000
 
Cybersecurity framework v1-1_presentation
byezhilnarasu
 
Cybersecurity framework v1-1_presentation
byMonchai Phaichitchan
 
cybersecurity_framework_v1-1_presentation.pptx
byssuserda58e2
 
Cybersecurity Frameworks and You: The Perfect Match
byMcKonly & Asbury, LLP
 
Cybersecurity Framework - What are Pundits Saying?
byJim Meyer
 
Capstone Final Presentation
byKartik Uppal
 
Analyze1. Foreign Stocka. Samsung Electronics LTD. (Korean St.docx
byjustine1simpson78276
 
NIST Cybersecurity Framework 101
byErick Kish, U.S. Commercial Service
 

Recently uploaded

PDF
What is Voice User Interface (VUI) Definition & Examples.pdf
byDesign Studio UI UX
 
PDF
Video Infrastructure_ Streaming Architecture and Delivery Systems.pdf
byTenbyte Limited
 
PPTX
Pizza Chain Market Data Scraping for Better Insights Report.pptx
byWeb Data Crawler
 
PPTX
Corporate AI Training to AI Enable a Company Workforce
byStélio Inácio
 
PPTX
Compare and contrast types of attacks.pptx
bysyednaqihassan14
 
PDF
Artificial Intelligence(AI) full Book.pdf
bydeyanimesh299
 
PPTX
UNIT III TYPOLOGY OF CRIME AND CRIMINAL BEHAVIOUR (1).pptx
bybloodyhumanoid
 
PDF
Artificial Intelligence and Barbarism - Conceptual Map
byalfadix
 
PDF
IAI-Unit1-notes useful.............................
bydinesh620610
 
PDF
Top Benefits of Using KVM VPS Hosting for Growing Businesses
byEthernet Servers
 
PDF
Ai In Courts Ai in courts AI in court AI in court
byZainKarim7
 
PDF
AI Driven & AI Native Development AI native development
byZainKarim7
 
PDF
“Lessons from Yesterday's Tomorrowland” by Scott M. Graffius
byScott M. Graffius
 
PDF
250 Prompts - ChatGPT acting as your Assistant
byMihir Nagarkar
 
PPTX
Document Reconstruction using AI & Deep Learning
bysonjuktaweb
 
PPTX
Large Language Model. LLM Audit Artificial Intelligence
byMANASCHOUDHARY22
 
PPTX
Scrape YouTube Video Data for Influencer Analytics.pptx
byWeb Data Crawler
 
PDF
IAC 500 Sensor - Humidity Measurement Device
byCS Instruments
 
PDF
How Azure DevOps Consultants Dubai Reduce Release Delays.pdf
byLogicEra
 
PDF
Navigating the Spectrum of Advanced AI – Agentic, Autonomous, and Autopoietic...
byScott M. Graffius
 
What is Voice User Interface (VUI) Definition & Examples.pdf
byDesign Studio UI UX
 
Video Infrastructure_ Streaming Architecture and Delivery Systems.pdf
byTenbyte Limited
 
Pizza Chain Market Data Scraping for Better Insights Report.pptx
byWeb Data Crawler
 
Corporate AI Training to AI Enable a Company Workforce
byStélio Inácio
 
Compare and contrast types of attacks.pptx
bysyednaqihassan14
 
Artificial Intelligence(AI) full Book.pdf
bydeyanimesh299
 
UNIT III TYPOLOGY OF CRIME AND CRIMINAL BEHAVIOUR (1).pptx
bybloodyhumanoid
 
Artificial Intelligence and Barbarism - Conceptual Map
byalfadix
 
IAI-Unit1-notes useful.............................
bydinesh620610
 
Top Benefits of Using KVM VPS Hosting for Growing Businesses
byEthernet Servers
 
Ai In Courts Ai in courts AI in court AI in court
byZainKarim7
 
AI Driven & AI Native Development AI native development
byZainKarim7
 
“Lessons from Yesterday's Tomorrowland” by Scott M. Graffius
byScott M. Graffius
 
250 Prompts - ChatGPT acting as your Assistant
byMihir Nagarkar
 
Document Reconstruction using AI & Deep Learning
bysonjuktaweb
 
Large Language Model. LLM Audit Artificial Intelligence
byMANASCHOUDHARY22
 
Scrape YouTube Video Data for Influencer Analytics.pptx
byWeb Data Crawler
 
IAC 500 Sensor - Humidity Measurement Device
byCS Instruments
 
How Azure DevOps Consultants Dubai Reduce Release Delays.pdf
byLogicEra
 
Navigating the Spectrum of Advanced AI – Agentic, Autonomous, and Autopoietic...
byScott M. Graffius
 

Cybersecurity Framework - Introduction

  • 1.
    Cybersecurity Framework Manajemen RisikoKeamanan Informasi [EL5216 17/18] Muhammad Akbar Yasin [23216322]
  • 2.
    Terms • Information Security •Information security is about the protection of information, regardless of whether it is stored digitally or not • CIA Triad • Cybersecurity • Is it about securing “cyber”? • Cyber security is about securing things that are vulnerable through ICT [1] https://ccis.no/cyber-security-versus-information-security/
  • 3.
    Terms (continued) • ISACAGlossary • Information • An asset that, like other important business assets, is essential to an enterprise’s business. It can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by post or by using electronic means, shown on films, or spoken in conversation. • Information security • Ensures that within the enterprise, information is protected against disclosure to unauthorized users (confidentiality), improper modification (integrity), and non-access when required (availability). • Cybersecurity • The protection of information assets by addressing threats to information processed, stored, and transported by internetworked information systems [3] https://www.isaca.org/Pages/Glossary.aspx
  • 4.
    Infosec vs Cybersecurity [2]http://www.cisoplatform.com/profiles/blogs/understanding-difference-between-cyber-security-information
  • 5.
    NIST Cybersecurity Framework •Why NIST CSF? • Provides guidance on risk management principles and best practices, • Provides common language to address and manage cybersecurity risk • Outlines a structure for organizations to understand and apply cybersecurity risk management • Identifies effective standards, guidelines, and practices to manage cybersecurity risk in a cost-effective manner based on business needs. • Who Should Used the Framework? • for organizations of all sizes, sectors, and maturities. While the Framework was designed with Critical Infrastructure (CI) in mind, it is extremely versatile and can be used by organizations regardless of sector or size. [4] https://www.us-cert.gov/sites/default/files/c3vp/framework_guidance/HPH_Framework_Implementation_Guidance.pdf, page 11
  • 6.
    NIST Cybersecurity Framework [5]Implementing The Nist Cybersecurity Framework Using Cobit 5: a step-by-step guide for your enterprise
  • 7.
  • 8.
    Framework Core Subcategories arethe deepest level of abstraction in the Core. There are 98 Subcategories, which are outcome- driven statements that provide considerations for creating or improving a cybersecurity program. [7] https://www.nist.gov/cyberframework/online-learning/components-framework
  • 9.
    Implementation Tiers Tiers describethe degree to which an organization’s cybersecurity risk management practices exhibit the characteristics defined in the Framework. The Tiers range from Partial (Tier 1) to Adaptive (Tier 4) and describe an increasing degree of rigor, and how well integrated cybersecurity risk decisions are into broader risk decisions, and the degree to which the organization shares and receives cybersecurity info from external parties
  • 10.
  • 11.
    Profiles Profiles are anorganization's unique alignment of their organizational requirements and objectives, risk appetite, and resources against the desired outcomes of the Framework Core. Profiles can be used to identify opportunities for improving cybersecurity posture by comparing a “Current” Profile with a “Target” Profile.
  • 12.
    Reference • [1] https://ccis.no/cyber-security-versus-information-security/ •[2] http://www.cisoplatform.com/profiles/blogs/understanding-difference-between- cyber-security-information • [3] https://www.isaca.org/Pages/Glossary.aspx • [4] https://www.us- cert.gov/sites/default/files/c3vp/framework_guidance/HPH_Framework_Implementatio n_Guidance.pdf, page 11 • [5] Implementing The Nist Cybersecurity Framework Using Cobit 5: a step-by-step guide for your enterprise, page 5 • [6] https://www.orbussoftware.com/governance-risk-and-compliance/nist/benefits/ • [7] https://www.nist.gov/cyberframework/online-learning/components-framework • [8] https://supplier.intel.com/static/governance/documents/The-cybersecurity- framework-in-action-an-intel-use-case-brief.pdf