1. Purpose Control
Framework
Program
Framework
Risk
Framewo
rk
Use of
the
Framewo
rk
• Identify baseline of
controls
• Assess state
of technical
capabilities
• Prioritize
implementation
of controls
• Develop an initial
roadmap for the
security team
• Assess state of
the overall
security program
• Builda
comprehensive
security
program
• Measure
maturity and
conduct industry
comparisons
• Simplify
communication
with business
• Define key
process
steps for
assessing and
managing
risk
• Structure
risk
manageme
nt program
• Identify,
measure
and
quantify risk
2. C
YBERSEC
U
R
IT
YFRAMEW
ORK
A collection of finest practices that an organization
must follow to manage its cybersecurity risk.
Goal of the framework:
• R
educe company’sexposure to cyberattacks
• Identify areas at higher risk for data breaches
•Monitor the compromising activities of cyber
criminals
6. DEEPDIVEINTO: NIST
C
YBERSEC
U
RIT
YFRAMEW
ORK
Composed of three parts:
•Core
•Implementation Tiers
•Profiles
Definesa common language for
managing risk
•Core has five functions that
provide a high-level, strategic
view of security lifecycle
Identify
Protect
Detect
Respond
Recover
9. REFERENCES
How to Make Sense of Cybeísecuíity Fíamewoíks (RSA
Confeíence2019)’ https://www.nist.gov/cybeífíamewoík
https://reciprocity.com/resources/what-is-a-cybersecurity-framework/