The document discusses cybersecurity frameworks, including their purpose of reducing risk and identifying vulnerabilities. It specifically describes the NIST Cybersecurity Framework, which defines a common language for managing risk across five functions: Identify, Protect, Detect, Respond, and Recover. The Framework includes categories within each function to help organizations assess their current security posture and develop a roadmap for improvement.

1. Purpose Control
Framework
Program
Framework
Risk
Framewo
rk
Use of
the
Framewo
rk
• Identify baseline of
controls
• Assess state
of technical
capabilities
• Prioritize
implementation
of controls
• Develop an initial
roadmap for the
security team
• Assess state of
the overall
security program
• Builda
comprehensive
security
program
• Measure
maturity and
conduct industry
comparisons
• Simplify
communication
with business
• Define key
process
steps for
assessing and
managing
risk
• Structure
risk
manageme
nt program
• Identify,
measure
and
quantify risk

2. C
YBERSEC
U
R
IT
YFRAMEW
ORK
A collection of finest practices that an organization
must follow to manage its cybersecurity risk.
Goal of the framework:
• R
educe company’sexposure to cyberattacks
• Identify areas at higher risk for data breaches
•Monitor the compromising activities of cyber
criminals

3. T
YPESOF
SEC
U
RIT
Y
FRAMEWORK
Control
Framework
Program
Framework
Risk
Framework

4. N
ISTC
YBERSEC
U
RIT
YFRAMEW
ORK
There are two
frameworks defined
under Program
Framework:
• ISO 27001
• NIST Cyber Security
Framework

5. H
ELPSOR
G
AN
IZAT
ION
SASK:
What are we doing
today ?
How are we doing
today ?
Where do we want to
go ?
When do we want to go
there ?

6. DEEPDIVEINTO: NIST
C
YBERSEC
U
RIT
YFRAMEW
ORK
 Composed of three parts:
•Core
•Implementation Tiers
•Profiles
Definesa common language for
managing risk
•Core has five functions that
provide a high-level, strategic
view of security lifecycle
Identify
Protect
Detect
Respond
Recover

7. FRAMEW
OR
K
CATEGORIES
Function Category
Identify
Asset
Management
Business
Environment
Governance
Risk Assessment
Risk Management
Strategy Supply Chain
Risk Management
Protect
Identify management,
Authentication and
Access Control
Awareness
Training Data
Security Information
Protection
Processes and

8. FRAMEW
OR
K
CATEGORIES
Function Category
Detect
Anomalies and
events Security
continuous
monitoring
Detection Processes
Respond
Response
Planning
Communications
Analysis
Mitigation
Improvements
Recover
Recover
Planning
Improvements
Communications

9. REFERENCES
How to Make Sense of Cybeísecuíity Fíamewoíks (RSA
Confeíence2019)’ https://www.nist.gov/cybeífíamewoík
https://reciprocity.com/resources/what-is-a-cybersecurity-framework/

10. Thank You