SlideShare a Scribd company logo

cybersecurity_framework_webinar_2017.pptx

Download as PPTX, PDF
M
MuhammadAbdullah311866

cybersecurity_framework_webinar

Education
1 of 28
Framework for Improving Critical Infrastructure Cybersecurity March 2017 cyberframework@nist.gov
Improving Critical Infrastructure Cybersecurity “It is the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties” Executive Order 13636 February 12, 2013 2
The Cybersecurity Framework... • Includes a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks. • Provides a prioritized, flexible, repeatable, performance- based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk. • Identifies areas for improvement to be addressed through future collaboration with particular sectors and standards-developing organizations. • Is consistent with voluntary international standards. 3
4 Development of the Framework Engage Stakeholders Collect, Categorize, Post RFI Responses Analyze RFI Responses Identify Framework Elements Prepare and Publish Framework EO 13636 Issued – Feb 12, 2013 RFI Issued – Feb 2013 1st Workshop – April 2013 Completed – April 2013 2nd Workshop – May 2013 Draft Outline of Framework – June 2013 3rd Workshop – July 2013 4th Workshop – Sept 2013 5th Workshop – Nov 2013 Published – Feb 12, 2014 Ongoing Engagement: Open public comment/ review encouraged throughout the process… and to this day
The Framework Is for Organizations… 5 • Of any size, in any sector in (and outside of) the critical infrastructure. • That already have a mature cyber risk management and cybersecurity program. • That don’t yet have a cyber risk management or cybersecurity program. • Needing to keep up-to-date managing risks, facing business or societal threats. • In the federal government, too…since it is compatible with FISMA requirements and goals.
Continued Improvement of Critical Infrastructure Cybersecurity Amends the National Institute of Standards and Technology Act (15 U.S.C. 272(c)) to say: “…on an ongoing basis, facilitate and support the development of a voluntary, consensus-based, industry-led set of standards, guidelines, best practices, methodologies, procedures, and processes to cost-effectively reduce cyber risks to critical infrastructure” Cybersecurity Enhancement Act of 2014 (P.L. 113-274) 18 December 2014 6
Cybersecurity Framework Components Describes how cybersecurity risk is managed by an organization and degree the risk management practices exhibit key characteristics Aligns industry standards and best practices to the Framework Core in a particular implementation scenario Supports prioritization and measurement while factoring in business needs Cybersecurity activities and informative references, organized around particular outcomes Enables communication of cyber risk across an organization Framework Core Framework Implementation Tiers Framework Profile 7
Key Properties of Cyber Risk Management 8 Risk Management Process Integrated Risk Management Program External Participation
Implementation Tiers 9 1 2 3 4 Partial Risk Informed Repeatable Adaptive Risk Management Process The functionality and repeatability of cybersecurity risk management Integrated Risk Management Program The extent to which cybersecurity is considered in broader risk management decisions External Participation The degree to which the organization benefits my sharing or receiving information from outside parties 9
Core Cybersecurity Framework Component 10 Senior Executives Implementation/ Operations • Broad enterprise considerations • Abstracted risk vocabulary • Deep technical considerations • Highly specialized vocabulary Specialists in Other Fields • Specific focus outside of cybersecurity • Specialized or no risk vocabulary
Core Cybersecurity Framework Component Function Category ID What processes and assets need protection? Identify Asset Management ID.AM Business Environment ID.BE Governance ID.GV Risk Assessment ID.RA Risk Management Strategy ID.RM What safeguards are available? Protect Access Control PR.AC Awareness and Training PR.AT Data Security PR.DS Information Protection Processes & Procedures PR.IP Maintenance PR.MA Protective Technology PR.PT What techniques can identify incidents? Detect Anomalies and Events DE.AE Security Continuous Monitoring DE.CM Detection Processes DE.DP What techniques can contain impacts of incidents? Respond Response Planning RS.RP Communications RS.CO Analysis RS.AN Mitigation RS.MI Improvements RS.IM What techniques can restore capabilities? Recover Recovery Planning RC.RP Improvements RC.IM Communications RC.CO 11
Core Cybersecurity Framework Component 12 Function Category ID Identify Asset Management ID.AM Business Environment ID.BE Governance ID.GV Risk Assessment ID.RA Risk Management Strategy ID.RM Protect Access Control PR.AC Awareness and Training PR.AT Data Security PR.DS Information Protection Processes & Procedures PR.IP Maintenance PR.MA Protective Technology PR.PT Detect Anomalies and Events DE.AE Security Continuous Monitoring DE.CM Detection Processes DE.DP Respond Response Planning RS.RP Communications RS.CO Analysis RS.AN Mitigation RS.MI Improvements RS.IM Recover Recovery Planning RC.RP Improvements RC.IM Communications RC.CO Subcategory Informative References ID.BE-1: The organization’s role in the supply chain is identified and communicated COBIT 5 APO08.04, APO08.05, APO10.03, APO10.04, APO10.05 ISO/IEC 27001:2013 A.15.1.3, A.15.2.1, A.15.2.2 NIST SP 800-53 Rev. 4 CP-2, SA-12 ID.BE-2: The organization’s place in critical infrastructure and its industry sector is identified and communicated COBIT 5 APO02.06, APO03.01 NIST SP 800-53 Rev. 4 PM-8 ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated COBIT 5 APO02.01, APO02.06, APO03.01 ISA 62443-2-1:2009 4.2.2.1, 4.2.3.6 NIST SP 800-53 Rev. 4 PM-11, SA- 14 ID.BE-4: Dependencies and critical functions for delivery of critical services are established ISO/IEC 27001:2013 A.11.2.2, A.11.2.3, A.12.1.3 NIST SP 800-53 Rev. 4 CP-8, PE-9, PE-11, PM-8, SA-14 ID.BE-5: Resilience requirements to support delivery of critical services are established COBIT 5 DSS04.02 ISO/IEC 27001:2013 A.11.1.4, A.17.1.1, A.17.1.2, A.17.2.1 NIST SP 800-53 Rev. 4 CP-2, CP- 11, SA-14 12
Profile Cybersecurity Framework Component 13 Identify Protect Detect Respond Recover Ways to think about a Profile: • A customization of the Core for a given sector, subsector, or organization. • A fusion of business/mission logic and cybersecurity outcomes. • An alignment of cybersecurity requirements with operational methodologies. • A basis for assessment and expressing target state. • A decision support tool for cybersecurity risk management.
Supporting Risk Management with Framework 14
Framework 7-Step Process • Step 1: Prioritize and Scope • Step 2: Orient • Step 3: Create a Current Profile • Step 4: Conduct a Risk Assessment • Step 5: Create a Target Profile • Step 6: Determine, Analyze, and Prioritize Gaps • Step 7: Implementation Action Plan 15
Building a Profile A Profile Can be Created in Three Steps 16 Subcategory 1 2 3 … 98 Mission Objective A B C Cybersecurity Requirements Legislation Regulation Internal & External Policy Best Practice Operating Methodologies Guidance and methodology on implementing, managing, and monitoring 1 2 3
Conceptual Profile Value Proposition 17 Cybersecurity Requirements Subcategory Priority Operating Methodologies A 1 moderate I II B C 2 high III D E 3 moderate IV V F … … VI VII G 98 moderate VIII 1 2 3 When you organize yourself in this way: • Compliance reporting becomes a byproduct of running your security operation • Adding new security requirements is straightforward • Adding or changing operational methodology is non- intrusive to on-going operation
Resource and Budget Decision Making What Can You Do with a CSF Profile? 18 Sub- category Priority Gaps Budget Year 1 Activities Year 2 Activities 1 moderate small $$$ X 2 high large $$ X 3 moderate medium $ X … … … … 98 moderate none $$ reassess As-Is Year 1 To-Be Year 2 To-Be …and supports on-going operational decisions, too
Profile Ecosystem 19 NIST TAXONOMY 1 2 3 ... 98 1 Req A 2 Req B 3 Req C ... ... 98 Req ZZ 1 Req A High 2 Req B Mod 3 Req C Low ... ... ... 98 Req ZZ High REQUIREMENTS PRIORITIES Community Organization or Community Cybersecurity Framework Core Cybersecurity Framework Profile Crosswalks Mappings
Key Attributes It’s a framework, not a prescriptive standard • Provides a common language and systematic methodology for managing cyber risk. • Is meant to be adapted. • Does not tell an organization how much cyber risk is tolerable, nor provide “the one and only” formula for cybersecurity. • Enable best practices to become standard practices for everyone via common lexicon to enable action across diverse stakeholders. It’s voluntary It’s a living document • It is intended to be updated as stakeholders learn from implementation, and as technology and risks change…more later. • That’s one reason why the Framework focuses on questions an organization needs to ask itself to manage its risk. While practices, technology, and standards will change over time—principles will not. 20
Common Patterns of Use • Integrate the functions into your leadership vocabulary and management tool sets. • Determine optimal risk management using Implementation Tiers. • Measure current risk management using Implementation Tiers. • Reflect on business environment, governance, and risk management strategy categories. • Develop a Profile of cybersecurity priorities, leveraging (Sub)Sector Profiles when available. 21
Work in Progress: Framework Roadmap Authentication Automated Indicator Sharing Conformity Assessment Cybersecurity Workforce Data Analytics Federal Agency Cybersecurity Alignment International Aspects, Impacts, and Alignment Supply Chain Risk Management Technical Privacy Standards 22
Examples of Framework Industry Resources www.nist.gov/cyberframework/industry-resources The Cybersecurity Framework in Action: An Intel Use Case Energy Sector Cybersecurity Framework Implementation Guidance American Water Works Association’s Process Control System Security Guidance for the Water Sector Cybersecurity Risk Management and Best Practices Working Group 4: Final Report 23 Italy’s National Framework for Cybersecurity
Examples of State & Local Use 24 Texas, Department of Information Resources • Aligned Agency Security Plans with Framework • Aligned Product and Service Vendor Requirements with Framework Houston, Greater Houston Partnership • Integrated Framework into their Cybersecurity Guide • Offer On-Line Framework Self-Assessment North Dakota, Information Technology Department • Allocated Roles & Responsibilities using Framework • Adopted the Framework into their Security Operation Strategy National Association of State CIOs • 2 out of 3 CIOs from the 2015 NASCIO Awards cited Framework as a part of their award-winning strategy New Jersey • Developed a cybersecurity framework that aligns controls and procedures with Framework
NIST Baldrige Excellence Builders Baldrige Cybersecurity Excellence Builder Manufacturing Service Small Business Education Healthcare Non-profit Cybersecurity (2017) 25 • Self-assessment criteria with basis in Cybersecurity Framework • Complements NIST Baldrige Program’s performance excellence successes. • April 2-5, 2017 - 29th Annual Quest for Excellence Conference • Pre-conference workshop that focuses on cybersecurity will be held on April 2nd - visit: https://www.nist.gov/baldrige/qe
Utilizing CSF Informative References to create tailored language for the manufacturing sector • NIST SP 800-53 • NIST SP 800-82 • ISA / IEC 62443 26 www.tiger-global.co.uk NIST Manufacturing Profile NIST Discrete Manufacturing Cybersecurity Framework Profile
• NCCoE and United States Coast Guard (USCG) worked together to draft a USCG Maritime Profile, based on the Cybersecurity Framework • Aligns the USCG’s cyber strategy with cybersecurity activities of the maritime bulk liquid transport operations of the oil & natural gas industry, utilizing standards and best practices guided by the Framework • The profile can help individual companies clarify how cybersecurity fits into their mission priorities and how best to allocate resources to secure their information and operational systems. 27 USCG Maritime Bulk Liquids Transfer (BLT) Framework Profile The profile is available at: https://www.uscg.mil/hq/cg5/cg544/docs/Maritime_BLT_CSF.pdf
Framework for Improving Critical Infrastructure Cybersecurity and related news, information: www.nist.gov/cyberframework Additional cybersecurity resources: http://csrc.nist.gov/ Questions, comments, ideas: cyberframework@nist.gov Resources Where to Learn More and Stay Current

Recommended

NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoTuan Phan
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkTuan Phan
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterTuan Phan
 
framework_update_report-yer20170301.pptx
framework_update_report-yer20170301.pptxframework_update_report-yer20170301.pptx
framework_update_report-yer20170301.pptxMuhammadAbdullah311866
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
framework-version-1.1-overview-20180427-for-web-002.pptx
framework-version-1.1-overview-20180427-for-web-002.pptxframework-version-1.1-overview-20180427-for-web-002.pptx
framework-version-1.1-overview-20180427-for-web-002.pptxAshishRanjan546644
 

Recommended

NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoTuan Phan
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkTuan Phan
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterTuan Phan
 
framework_update_report-yer20170301.pptx
framework_update_report-yer20170301.pptxframework_update_report-yer20170301.pptx
framework_update_report-yer20170301.pptxMuhammadAbdullah311866
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
framework-version-1.1-overview-20180427-for-web-002.pptx
framework-version-1.1-overview-20180427-for-web-002.pptxframework-version-1.1-overview-20180427-for-web-002.pptx
framework-version-1.1-overview-20180427-for-web-002.pptxAshishRanjan546644
 
SOC for Cybersecurity Overview
SOC for Cybersecurity OverviewSOC for Cybersecurity Overview
SOC for Cybersecurity OverviewBrian Matteson, CISSP CISA
 
Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Manuel Guillen
 
From NIST CSF 1.1 to 2.0.pdf
From NIST CSF 1.1 to 2.0.pdfFrom NIST CSF 1.1 to 2.0.pdf
From NIST CSF 1.1 to 2.0.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001PECB
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...
Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...
Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...Government Technology and Services Coalition
 
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Cybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdfCybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdfThilak Pathirage -Senior IT Gov and Risk Consultant
 
EUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPEUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPScott Baron
 
Building Your Information Security Program: Frameworks & Metrics
Building Your Information Security Program: Frameworks & MetricsBuilding Your Information Security Program: Frameworks & Metrics
Building Your Information Security Program: Frameworks & MetricsRob Arnold
 
Improving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity FrameworkImproving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity FrameworkWilliam McBorrough
 
IRJET- Software Architecture and Software Design
IRJET- Software Architecture and Software DesignIRJET- Software Architecture and Software Design
IRJET- Software Architecture and Software DesignIRJET Journal
 
NIST Cybersecurity Framework (CSF) 2.0: What has changed?
NIST Cybersecurity Framework (CSF) 2.0: What has changed?NIST Cybersecurity Framework (CSF) 2.0: What has changed?
NIST Cybersecurity Framework (CSF) 2.0: What has changed?Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security FrameworkNorbi Hegedus
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...PECB
 
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...West Monroe Partners
 
w-cyber-risk-modeling Owasp cyber risk quantification 2018
w-cyber-risk-modeling Owasp cyber risk quantification 2018w-cyber-risk-modeling Owasp cyber risk quantification 2018
w-cyber-risk-modeling Owasp cyber risk quantification 2018Open Security Summit
 
New Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsNew Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsSkoda Minotti
 
The IT Analysis Paralysis
The IT Analysis Paralysis The IT Analysis Paralysis
The IT Analysis Paralysis PYA, P.C.
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...robbiesamuel
 
NVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdf
NVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdfNVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdf
NVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdfMuhammadAbdullah311866
 
GCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptxGCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptxMuhammadAbdullah311866
 

More Related Content

Similar to cybersecurity_framework_webinar_2017.pptx

Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Manuel Guillen
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001PECB
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
EUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPEUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPScott Baron
 
Building Your Information Security Program: Frameworks & Metrics
Building Your Information Security Program: Frameworks & MetricsBuilding Your Information Security Program: Frameworks & Metrics
Building Your Information Security Program: Frameworks & MetricsRob Arnold
 
Improving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity FrameworkImproving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity FrameworkWilliam McBorrough
 
IRJET- Software Architecture and Software Design
IRJET- Software Architecture and Software DesignIRJET- Software Architecture and Software Design
IRJET- Software Architecture and Software DesignIRJET Journal
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security FrameworkNorbi Hegedus
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...PECB
 
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...West Monroe Partners
 
w-cyber-risk-modeling Owasp cyber risk quantification 2018
w-cyber-risk-modeling Owasp cyber risk quantification 2018w-cyber-risk-modeling Owasp cyber risk quantification 2018
w-cyber-risk-modeling Owasp cyber risk quantification 2018Open Security Summit
 
New Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsNew Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsSkoda Minotti
 
The IT Analysis Paralysis
The IT Analysis Paralysis The IT Analysis Paralysis
The IT Analysis Paralysis PYA, P.C.
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...robbiesamuel
 

Similar to cybersecurity_framework_webinar_2017.pptx (20)

SOC for Cybersecurity Overview
SOC for Cybersecurity OverviewSOC for Cybersecurity Overview
SOC for Cybersecurity Overview
 
Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020
 
From NIST CSF 1.1 to 2.0.pdf
From NIST CSF 1.1 to 2.0.pdfFrom NIST CSF 1.1 to 2.0.pdf
From NIST CSF 1.1 to 2.0.pdf
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 
Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...
Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...
Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...
 
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
 
Cybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdfCybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdf
 
EUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPEUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIP
 
Building Your Information Security Program: Frameworks & Metrics
Building Your Information Security Program: Frameworks & MetricsBuilding Your Information Security Program: Frameworks & Metrics
Building Your Information Security Program: Frameworks & Metrics
 
Improving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity FrameworkImproving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity Framework
 
IRJET- Software Architecture and Software Design
IRJET- Software Architecture and Software DesignIRJET- Software Architecture and Software Design
IRJET- Software Architecture and Software Design
 
NIST Cybersecurity Framework (CSF) 2.0: What has changed?
NIST Cybersecurity Framework (CSF) 2.0: What has changed?NIST Cybersecurity Framework (CSF) 2.0: What has changed?
NIST Cybersecurity Framework (CSF) 2.0: What has changed?
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security Framework
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...
 
w-cyber-risk-modeling Owasp cyber risk quantification 2018
w-cyber-risk-modeling Owasp cyber risk quantification 2018w-cyber-risk-modeling Owasp cyber risk quantification 2018
w-cyber-risk-modeling Owasp cyber risk quantification 2018
 
New Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsNew Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law Requirements
 
The IT Analysis Paralysis
The IT Analysis Paralysis The IT Analysis Paralysis
The IT Analysis Paralysis
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
 

More from MuhammadAbdullah311866

NVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdf
NVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdfNVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdf
NVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdfMuhammadAbdullah311866
 
GCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptxGCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptxMuhammadAbdullah311866
 
presentationcloud-18123333331185718.pptx
presentationcloud-18123333331185718.pptxpresentationcloud-18123333331185718.pptx
presentationcloud-18123333331185718.pptxMuhammadAbdullah311866
 
cybersecurity assessS-Ment-and-I(1).pptx
cybersecurity assessS-Ment-and-I(1).pptxcybersecurity assessS-Ment-and-I(1).pptx
cybersecurity assessS-Ment-and-I(1).pptxMuhammadAbdullah311866
 
Security-Monitoring-and-Improvement.pptx
Security-Monitoring-and-Improvement.pptxSecurity-Monitoring-and-Improvement.pptx
Security-Monitoring-and-Improvement.pptxMuhammadAbdullah311866
 
Responsibilities of the CSIRT--abss.pptx
Responsibilities of the CSIRT--abss.pptxResponsibilities of the CSIRT--abss.pptx
Responsibilities of the CSIRT--abss.pptxMuhammadAbdullah311866
 
Fusion-Center-ITS-Security-and-Privacy-Operations (1).pptx
Fusion-Center-ITS-Security-and-Privacy-Operations (1).pptxFusion-Center-ITS-Security-and-Privacy-Operations (1).pptx
Fusion-Center-ITS-Security-and-Privacy-Operations (1).pptxMuhammadAbdullah311866
 
bash_1_2021-command line introduction.pdf
bash_1_2021-command line introduction.pdfbash_1_2021-command line introduction.pdf
bash_1_2021-command line introduction.pdfMuhammadAbdullah311866
 
package module in the python environement.pptx
package module in the python environement.pptxpackage module in the python environement.pptx
package module in the python environement.pptxMuhammadAbdullah311866
 
Supply-Chain-Management-and-Cloud-Security.pptx
Supply-Chain-Management-and-Cloud-Security.pptxSupply-Chain-Management-and-Cloud-Security.pptx
Supply-Chain-Management-and-Cloud-Security.pptxMuhammadAbdullah311866
 
1-William Stallings - Effective Cybersecurity_ A Guide to Using Best Practice...
1-William Stallings - Effective Cybersecurity_ A Guide to Using Best Practice...1-William Stallings - Effective Cybersecurity_ A Guide to Using Best Practice...
1-William Stallings - Effective Cybersecurity_ A Guide to Using Best Practice...MuhammadAbdullah311866
 
overview of principles of computerss.ppt
overview of principles of computerss.pptoverview of principles of computerss.ppt
overview of principles of computerss.pptMuhammadAbdullah311866
 
information security importance and use.ppt
information security importance and use.pptinformation security importance and use.ppt
information security importance and use.pptMuhammadAbdullah311866
 
implementing the encryption in the JAVA.ppt
implementing the encryption in the JAVA.pptimplementing the encryption in the JAVA.ppt
implementing the encryption in the JAVA.pptMuhammadAbdullah311866
 
compatibility and complexity in the IS.ppt
compatibility and complexity in the IS.pptcompatibility and complexity in the IS.ppt
compatibility and complexity in the IS.pptMuhammadAbdullah311866
 
turning test, how it works and winners.ppt
turning test, how it works and winners.pptturning test, how it works and winners.ppt
turning test, how it works and winners.pptMuhammadAbdullah311866
 
games, infosec, privacy, adversaries .ppt
games, infosec, privacy, adversaries .pptgames, infosec, privacy, adversaries .ppt
games, infosec, privacy, adversaries .pptMuhammadAbdullah311866
 
Authentication Authorization-Lesson-2-Slides.ppt
Authentication Authorization-Lesson-2-Slides.pptAuthentication Authorization-Lesson-2-Slides.ppt
Authentication Authorization-Lesson-2-Slides.pptMuhammadAbdullah311866
 
PTE-A Coaching- information slidess.pptx
PTE-A Coaching- information slidess.pptxPTE-A Coaching- information slidess.pptx
PTE-A Coaching- information slidess.pptxMuhammadAbdullah311866
 
Information security power point slides.ppt
Information security power point slides.pptInformation security power point slides.ppt
Information security power point slides.pptMuhammadAbdullah311866
 

More from MuhammadAbdullah311866 (20)

NVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdf
NVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdfNVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdf
NVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdf
 
GCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptxGCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptx
 
presentationcloud-18123333331185718.pptx
presentationcloud-18123333331185718.pptxpresentationcloud-18123333331185718.pptx
presentationcloud-18123333331185718.pptx
 
cybersecurity assessS-Ment-and-I(1).pptx
cybersecurity assessS-Ment-and-I(1).pptxcybersecurity assessS-Ment-and-I(1).pptx
cybersecurity assessS-Ment-and-I(1).pptx
 
Security-Monitoring-and-Improvement.pptx
Security-Monitoring-and-Improvement.pptxSecurity-Monitoring-and-Improvement.pptx
Security-Monitoring-and-Improvement.pptx
 
Responsibilities of the CSIRT--abss.pptx
Responsibilities of the CSIRT--abss.pptxResponsibilities of the CSIRT--abss.pptx
Responsibilities of the CSIRT--abss.pptx
 
Fusion-Center-ITS-Security-and-Privacy-Operations (1).pptx
Fusion-Center-ITS-Security-and-Privacy-Operations (1).pptxFusion-Center-ITS-Security-and-Privacy-Operations (1).pptx
Fusion-Center-ITS-Security-and-Privacy-Operations (1).pptx
 
bash_1_2021-command line introduction.pdf
bash_1_2021-command line introduction.pdfbash_1_2021-command line introduction.pdf
bash_1_2021-command line introduction.pdf
 
package module in the python environement.pptx
package module in the python environement.pptxpackage module in the python environement.pptx
package module in the python environement.pptx
 
Supply-Chain-Management-and-Cloud-Security.pptx
Supply-Chain-Management-and-Cloud-Security.pptxSupply-Chain-Management-and-Cloud-Security.pptx
Supply-Chain-Management-and-Cloud-Security.pptx
 
1-William Stallings - Effective Cybersecurity_ A Guide to Using Best Practice...
1-William Stallings - Effective Cybersecurity_ A Guide to Using Best Practice...1-William Stallings - Effective Cybersecurity_ A Guide to Using Best Practice...
1-William Stallings - Effective Cybersecurity_ A Guide to Using Best Practice...
 
overview of principles of computerss.ppt
overview of principles of computerss.pptoverview of principles of computerss.ppt
overview of principles of computerss.ppt
 
information security importance and use.ppt
information security importance and use.pptinformation security importance and use.ppt
information security importance and use.ppt
 
implementing the encryption in the JAVA.ppt
implementing the encryption in the JAVA.pptimplementing the encryption in the JAVA.ppt
implementing the encryption in the JAVA.ppt
 
compatibility and complexity in the IS.ppt
compatibility and complexity in the IS.pptcompatibility and complexity in the IS.ppt
compatibility and complexity in the IS.ppt
 
turning test, how it works and winners.ppt
turning test, how it works and winners.pptturning test, how it works and winners.ppt
turning test, how it works and winners.ppt
 
games, infosec, privacy, adversaries .ppt
games, infosec, privacy, adversaries .pptgames, infosec, privacy, adversaries .ppt
games, infosec, privacy, adversaries .ppt
 
Authentication Authorization-Lesson-2-Slides.ppt
Authentication Authorization-Lesson-2-Slides.pptAuthentication Authorization-Lesson-2-Slides.ppt
Authentication Authorization-Lesson-2-Slides.ppt
 
PTE-A Coaching- information slidess.pptx
PTE-A Coaching- information slidess.pptxPTE-A Coaching- information slidess.pptx
PTE-A Coaching- information slidess.pptx
 
Information security power point slides.ppt
Information security power point slides.pptInformation security power point slides.ppt
Information security power point slides.ppt
 

Recently uploaded

Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,Virag Sontakke
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 

Recently uploaded (20)

Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 

cybersecurity_framework_webinar_2017.pptx

  • 1. Framework for Improving Critical Infrastructure Cybersecurity March 2017 cyberframework@nist.gov
  • 2. Improving Critical Infrastructure Cybersecurity “It is the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties” Executive Order 13636 February 12, 2013 2
  • 3. The Cybersecurity Framework... • Includes a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks. • Provides a prioritized, flexible, repeatable, performance- based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk. • Identifies areas for improvement to be addressed through future collaboration with particular sectors and standards-developing organizations. • Is consistent with voluntary international standards. 3
  • 4. 4 Development of the Framework Engage Stakeholders Collect, Categorize, Post RFI Responses Analyze RFI Responses Identify Framework Elements Prepare and Publish Framework EO 13636 Issued – Feb 12, 2013 RFI Issued – Feb 2013 1st Workshop – April 2013 Completed – April 2013 2nd Workshop – May 2013 Draft Outline of Framework – June 2013 3rd Workshop – July 2013 4th Workshop – Sept 2013 5th Workshop – Nov 2013 Published – Feb 12, 2014 Ongoing Engagement: Open public comment/ review encouraged throughout the process… and to this day
  • 5. The Framework Is for Organizations… 5 • Of any size, in any sector in (and outside of) the critical infrastructure. • That already have a mature cyber risk management and cybersecurity program. • That don’t yet have a cyber risk management or cybersecurity program. • Needing to keep up-to-date managing risks, facing business or societal threats. • In the federal government, too…since it is compatible with FISMA requirements and goals.
  • 6. Continued Improvement of Critical Infrastructure Cybersecurity Amends the National Institute of Standards and Technology Act (15 U.S.C. 272(c)) to say: “…on an ongoing basis, facilitate and support the development of a voluntary, consensus-based, industry-led set of standards, guidelines, best practices, methodologies, procedures, and processes to cost-effectively reduce cyber risks to critical infrastructure” Cybersecurity Enhancement Act of 2014 (P.L. 113-274) 18 December 2014 6
  • 7. Cybersecurity Framework Components Describes how cybersecurity risk is managed by an organization and degree the risk management practices exhibit key characteristics Aligns industry standards and best practices to the Framework Core in a particular implementation scenario Supports prioritization and measurement while factoring in business needs Cybersecurity activities and informative references, organized around particular outcomes Enables communication of cyber risk across an organization Framework Core Framework Implementation Tiers Framework Profile 7
  • 8. Key Properties of Cyber Risk Management 8 Risk Management Process Integrated Risk Management Program External Participation
  • 9. Implementation Tiers 9 1 2 3 4 Partial Risk Informed Repeatable Adaptive Risk Management Process The functionality and repeatability of cybersecurity risk management Integrated Risk Management Program The extent to which cybersecurity is considered in broader risk management decisions External Participation The degree to which the organization benefits my sharing or receiving information from outside parties 9
  • 10. Core Cybersecurity Framework Component 10 Senior Executives Implementation/ Operations • Broad enterprise considerations • Abstracted risk vocabulary • Deep technical considerations • Highly specialized vocabulary Specialists in Other Fields • Specific focus outside of cybersecurity • Specialized or no risk vocabulary
  • 11. Core Cybersecurity Framework Component Function Category ID What processes and assets need protection? Identify Asset Management ID.AM Business Environment ID.BE Governance ID.GV Risk Assessment ID.RA Risk Management Strategy ID.RM What safeguards are available? Protect Access Control PR.AC Awareness and Training PR.AT Data Security PR.DS Information Protection Processes & Procedures PR.IP Maintenance PR.MA Protective Technology PR.PT What techniques can identify incidents? Detect Anomalies and Events DE.AE Security Continuous Monitoring DE.CM Detection Processes DE.DP What techniques can contain impacts of incidents? Respond Response Planning RS.RP Communications RS.CO Analysis RS.AN Mitigation RS.MI Improvements RS.IM What techniques can restore capabilities? Recover Recovery Planning RC.RP Improvements RC.IM Communications RC.CO 11
  • 12. Core Cybersecurity Framework Component 12 Function Category ID Identify Asset Management ID.AM Business Environment ID.BE Governance ID.GV Risk Assessment ID.RA Risk Management Strategy ID.RM Protect Access Control PR.AC Awareness and Training PR.AT Data Security PR.DS Information Protection Processes & Procedures PR.IP Maintenance PR.MA Protective Technology PR.PT Detect Anomalies and Events DE.AE Security Continuous Monitoring DE.CM Detection Processes DE.DP Respond Response Planning RS.RP Communications RS.CO Analysis RS.AN Mitigation RS.MI Improvements RS.IM Recover Recovery Planning RC.RP Improvements RC.IM Communications RC.CO Subcategory Informative References ID.BE-1: The organization’s role in the supply chain is identified and communicated COBIT 5 APO08.04, APO08.05, APO10.03, APO10.04, APO10.05 ISO/IEC 27001:2013 A.15.1.3, A.15.2.1, A.15.2.2 NIST SP 800-53 Rev. 4 CP-2, SA-12 ID.BE-2: The organization’s place in critical infrastructure and its industry sector is identified and communicated COBIT 5 APO02.06, APO03.01 NIST SP 800-53 Rev. 4 PM-8 ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated COBIT 5 APO02.01, APO02.06, APO03.01 ISA 62443-2-1:2009 4.2.2.1, 4.2.3.6 NIST SP 800-53 Rev. 4 PM-11, SA- 14 ID.BE-4: Dependencies and critical functions for delivery of critical services are established ISO/IEC 27001:2013 A.11.2.2, A.11.2.3, A.12.1.3 NIST SP 800-53 Rev. 4 CP-8, PE-9, PE-11, PM-8, SA-14 ID.BE-5: Resilience requirements to support delivery of critical services are established COBIT 5 DSS04.02 ISO/IEC 27001:2013 A.11.1.4, A.17.1.1, A.17.1.2, A.17.2.1 NIST SP 800-53 Rev. 4 CP-2, CP- 11, SA-14 12
  • 13. Profile Cybersecurity Framework Component 13 Identify Protect Detect Respond Recover Ways to think about a Profile: • A customization of the Core for a given sector, subsector, or organization. • A fusion of business/mission logic and cybersecurity outcomes. • An alignment of cybersecurity requirements with operational methodologies. • A basis for assessment and expressing target state. • A decision support tool for cybersecurity risk management.
  • 14. Supporting Risk Management with Framework 14
  • 15. Framework 7-Step Process • Step 1: Prioritize and Scope • Step 2: Orient • Step 3: Create a Current Profile • Step 4: Conduct a Risk Assessment • Step 5: Create a Target Profile • Step 6: Determine, Analyze, and Prioritize Gaps • Step 7: Implementation Action Plan 15
  • 16. Building a Profile A Profile Can be Created in Three Steps 16 Subcategory 1 2 3 … 98 Mission Objective A B C Cybersecurity Requirements Legislation Regulation Internal & External Policy Best Practice Operating Methodologies Guidance and methodology on implementing, managing, and monitoring 1 2 3
  • 17. Conceptual Profile Value Proposition 17 Cybersecurity Requirements Subcategory Priority Operating Methodologies A 1 moderate I II B C 2 high III D E 3 moderate IV V F … … VI VII G 98 moderate VIII 1 2 3 When you organize yourself in this way: • Compliance reporting becomes a byproduct of running your security operation • Adding new security requirements is straightforward • Adding or changing operational methodology is non- intrusive to on-going operation
  • 18. Resource and Budget Decision Making What Can You Do with a CSF Profile? 18 Sub- category Priority Gaps Budget Year 1 Activities Year 2 Activities 1 moderate small $$$ X 2 high large $$ X 3 moderate medium $ X … … … … 98 moderate none $$ reassess As-Is Year 1 To-Be Year 2 To-Be …and supports on-going operational decisions, too
  • 19. Profile Ecosystem 19 NIST TAXONOMY 1 2 3 ... 98 1 Req A 2 Req B 3 Req C ... ... 98 Req ZZ 1 Req A High 2 Req B Mod 3 Req C Low ... ... ... 98 Req ZZ High REQUIREMENTS PRIORITIES Community Organization or Community Cybersecurity Framework Core Cybersecurity Framework Profile Crosswalks Mappings
  • 20. Key Attributes It’s a framework, not a prescriptive standard • Provides a common language and systematic methodology for managing cyber risk. • Is meant to be adapted. • Does not tell an organization how much cyber risk is tolerable, nor provide “the one and only” formula for cybersecurity. • Enable best practices to become standard practices for everyone via common lexicon to enable action across diverse stakeholders. It’s voluntary It’s a living document • It is intended to be updated as stakeholders learn from implementation, and as technology and risks change…more later. • That’s one reason why the Framework focuses on questions an organization needs to ask itself to manage its risk. While practices, technology, and standards will change over time—principles will not. 20
  • 21. Common Patterns of Use • Integrate the functions into your leadership vocabulary and management tool sets. • Determine optimal risk management using Implementation Tiers. • Measure current risk management using Implementation Tiers. • Reflect on business environment, governance, and risk management strategy categories. • Develop a Profile of cybersecurity priorities, leveraging (Sub)Sector Profiles when available. 21
  • 22. Work in Progress: Framework Roadmap Authentication Automated Indicator Sharing Conformity Assessment Cybersecurity Workforce Data Analytics Federal Agency Cybersecurity Alignment International Aspects, Impacts, and Alignment Supply Chain Risk Management Technical Privacy Standards 22
  • 23. Examples of Framework Industry Resources www.nist.gov/cyberframework/industry-resources The Cybersecurity Framework in Action: An Intel Use Case Energy Sector Cybersecurity Framework Implementation Guidance American Water Works Association’s Process Control System Security Guidance for the Water Sector Cybersecurity Risk Management and Best Practices Working Group 4: Final Report 23 Italy’s National Framework for Cybersecurity
  • 24. Examples of State & Local Use 24 Texas, Department of Information Resources • Aligned Agency Security Plans with Framework • Aligned Product and Service Vendor Requirements with Framework Houston, Greater Houston Partnership • Integrated Framework into their Cybersecurity Guide • Offer On-Line Framework Self-Assessment North Dakota, Information Technology Department • Allocated Roles & Responsibilities using Framework • Adopted the Framework into their Security Operation Strategy National Association of State CIOs • 2 out of 3 CIOs from the 2015 NASCIO Awards cited Framework as a part of their award-winning strategy New Jersey • Developed a cybersecurity framework that aligns controls and procedures with Framework
  • 25. NIST Baldrige Excellence Builders Baldrige Cybersecurity Excellence Builder Manufacturing Service Small Business Education Healthcare Non-profit Cybersecurity (2017) 25 • Self-assessment criteria with basis in Cybersecurity Framework • Complements NIST Baldrige Program’s performance excellence successes. • April 2-5, 2017 - 29th Annual Quest for Excellence Conference • Pre-conference workshop that focuses on cybersecurity will be held on April 2nd - visit: https://www.nist.gov/baldrige/qe
  • 26. Utilizing CSF Informative References to create tailored language for the manufacturing sector • NIST SP 800-53 • NIST SP 800-82 • ISA / IEC 62443 26 www.tiger-global.co.uk NIST Manufacturing Profile NIST Discrete Manufacturing Cybersecurity Framework Profile
  • 27. • NCCoE and United States Coast Guard (USCG) worked together to draft a USCG Maritime Profile, based on the Cybersecurity Framework • Aligns the USCG’s cyber strategy with cybersecurity activities of the maritime bulk liquid transport operations of the oil & natural gas industry, utilizing standards and best practices guided by the Framework • The profile can help individual companies clarify how cybersecurity fits into their mission priorities and how best to allocate resources to secure their information and operational systems. 27 USCG Maritime Bulk Liquids Transfer (BLT) Framework Profile The profile is available at: https://www.uscg.mil/hq/cg5/cg544/docs/Maritime_BLT_CSF.pdf
  • 28. Framework for Improving Critical Infrastructure Cybersecurity and related news, information: www.nist.gov/cyberframework Additional cybersecurity resources: http://csrc.nist.gov/ Questions, comments, ideas: cyberframework@nist.gov Resources Where to Learn More and Stay Current