Priyanka Aash, profile picture
Uploaded byPriyanka Aash
2,173 views

NIST CSF Overview

The document outlines the objectives and components of the NIST Cybersecurity Framework (CSF), emphasizing its role in assessing and improving organizational security postures. It describes key elements such as the framework core functions—identify, protect, detect, respond, and recover—alongside implementation tiers that reflect the organization’s risk perception and management. The CSF enhances communication around cybersecurity by providing a structured approach to measure and achieve desired security outcomes while aligning with existing regulations and standards.

Embed presentation

NIST CSF CP 100 - Pune
Objectives of CSF in a Nutshell Describe Current Security Posture Describe Target Security Posture Continuous Improvement Assess Progress towards Target Posture Communicate Risk
A framework of Frameworks ISA62443 ISO/IEC 27001 CCS CSC1 NIST SP 800 - 53 COBIT 5 NIST cyber security Framework
Framework Profile (Where you are and where you want to go) Framework Implementation Tiers (How you view cybersecurity) Framework Core (What it does) •Defines (measures) current state •Defines (measures) desired state •Tiers (4) that show how cybersecurity risks and processes are viewed within an organization •Required Tier based on perceived risk/benefit analysis •Identify •Protect •Detect •Restore •Recover High Level overview of the framework
Framework Core Identify Detect RespondRecover Protect The Framework Core
Framework core functions explained.. Identify • Understand what’s important to the business and what the risks are Protect • Develop safeguards to ensure CIA Detect • Find bad things Respond • What you do when bad things happen Recover • How to restore what the bad guys broke
Structure Microsoft Excel Worksheet
Function Unique Identifier Function Category Unique Identifier Category Subcategor y Informative References ID Identify ID.AM-1 Asset Manageme nt Physical devices within the organization are inventoried • CCS- CSC1 • COBIT 5 • ISA- 62443-2- 1:2009 ID.AM-2 Asset Manageme nt Software Platforms and Applications within the organization are inventoried • CCS- CSC1 • COBIT 5 • ISA- 62443-2- 1:2009 Structured example
Framework Implementation Tiers • How cybersecurity risks and processes are viewed within organization Partial Risk Informed Repeatable Adaptable Sophistication
Framework profile • Presents overview of present and future cybersecurity posture – Business Requirements – Risk Tolerance – Resources • Used to define current state and desired state – Can help measure progress...
A Common Language for All Levels Priorities Risk Appetite Budget Framework Profile Implementation Progress Vulnerabilities, Threats, Assets Status, Changes in Risk Executive Level Focus: Organizational risk Actions: Risk Decision/Priority Operations Level Focus: Risk Management Implementation Actions: Secure Infrastructure, Implement Profile Process Level Focus: Risk Management Actions: Select Profile, Allocate Budget
Process Prioritize and Scope Business Objectives Priorities Strategy Orient Related Systems Assets Regulations Risk Assessment Exposure Tolerance Create Current Profile Where you are now Create Target Profile Where you need to be Gap Analysis Delta between Current/Target Action Plan MEASURE
How is NIST CSF Different? • Expresses cybersecurity activities in a common language • Leverages existing standards – does not reinvent the wheel – can map existing processes/guidelines into CSF • Provides crucial guidance for reinforcing security controls while maintaining a focus on business objectives • Provides a vehicle to effectively measure cybersecurity effectiveness independent of existing framework
Thank you

More Related Content

PPTX
Cyber Threat Intelligence.pptx
byAbimbolaFisher1
 
PDF
Threat Modelling
byn|u - The Open Security Community
 
PDF
Lessons Learned from the NIST CSF
byDigital Bond
 
PDF
NIST Cybersecurity Framework 101
byErick Kish, U.S. Commercial Service
 
PPTX
How to implement NIST cybersecurity standards in my organization
byExigent Technologies LLC
 
PPTX
SOC Architecture Workshop - Part 1
byPriyanka Aash
 
PDF
From NIST CSF 1.1 to 2.0.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
PDF
Security operations center-SOC Presentation-مرکز عملیات امنیت
byReZa AdineH
 
Cyber Threat Intelligence.pptx
byAbimbolaFisher1
 
Threat Modelling
byn|u - The Open Security Community
 
Lessons Learned from the NIST CSF
byDigital Bond
 
NIST Cybersecurity Framework 101
byErick Kish, U.S. Commercial Service
 
How to implement NIST cybersecurity standards in my organization
byExigent Technologies LLC
 
SOC Architecture Workshop - Part 1
byPriyanka Aash
 
From NIST CSF 1.1 to 2.0.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
byReZa AdineH
 

What's hot

PPTX
NIST Critical Security Framework (CSF)
byPriyanka Aash
 
PDF
From SIEM to SOC: Crossing the Cybersecurity Chasm
byPriyanka Aash
 
PDF
NIST Cybersecurity Framework (CSF) 2.0 Workshop
byBachir Benyammi
 
PDF
NIST Cybersecurity Framework (CSF) 2.0: What has changed?
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
PDF
Building a Next-Generation Security Operations Center (SOC)
bySqrrl
 
PDF
NIST cybersecurity framework
byShriya Rai
 
PPTX
An introduction to SOC (Security Operation Center)
byAhmad Haghighi
 
PPTX
Threat Hunting - Moving from the ad hoc to the formal
byPriyanka Aash
 
PPTX
Rothke rsa 2012 building a security operations center (soc)
byBen Rothke
 
PPTX
NIST CyberSecurity Framework: An Overview
byTandhy Simanjuntak
 
PPTX
Security Operations Center (SOC) Essentials for the SME
byAlienVault
 
PPTX
Intro to Security in SDLC
byTjylen Veselyj
 
PPTX
Secure SDLC Framework
byRishi Kant
 
PPTX
Enterprise Security Architecture Design
byPriyanka Aash
 
PPTX
Cyber Threat Hunting: Identify and Hunt Down Intruders
byInfosec
 
PDF
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
byPriyanka Aash
 
PDF
Cyber Threat Intelligence
bymohamed nasri
 
PPTX
SEIM-Microsoft Sentinel.pptx
byAmrMousa51
 
PPTX
7 Steps to Threat Modeling
byDanny Wong
 
PDF
1. Security and Risk Management
bySam Bowne
 
NIST Critical Security Framework (CSF)
byPriyanka Aash
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
byPriyanka Aash
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
byBachir Benyammi
 
NIST Cybersecurity Framework (CSF) 2.0: What has changed?
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Building a Next-Generation Security Operations Center (SOC)
bySqrrl
 
NIST cybersecurity framework
byShriya Rai
 
An introduction to SOC (Security Operation Center)
byAhmad Haghighi
 
Threat Hunting - Moving from the ad hoc to the formal
byPriyanka Aash
 
Rothke rsa 2012 building a security operations center (soc)
byBen Rothke
 
NIST CyberSecurity Framework: An Overview
byTandhy Simanjuntak
 
Security Operations Center (SOC) Essentials for the SME
byAlienVault
 
Intro to Security in SDLC
byTjylen Veselyj
 
Secure SDLC Framework
byRishi Kant
 
Enterprise Security Architecture Design
byPriyanka Aash
 
Cyber Threat Hunting: Identify and Hunt Down Intruders
byInfosec
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
byPriyanka Aash
 
Cyber Threat Intelligence
bymohamed nasri
 
SEIM-Microsoft Sentinel.pptx
byAmrMousa51
 
7 Steps to Threat Modeling
byDanny Wong
 
1. Security and Risk Management
bySam Bowne
 

Similar to NIST CSF Overview

PPTX
Keynote Session : NIST - Cyber Security Framework Measuring Security
byPriyanka Aash
 
PPTX
Conducting a NIST Cybersecurity Framework (CSF) Assessment
byNicholas Davis
 
PPTX
NIST_Cybersecurity_Framework_2.0.pptxework_2.0.pptx
bygadisaAdamu
 
PDF
National Institute of Standards and Technology (NIST) Cybersecurity Framework...
byMichaelBenis1
 
PPTX
DOC-20250530-WA0008.pptx.................
bysalmannawaz6566504
 
PDF
INFORMATION SECURITY MATURITY MODEL FOR NIST CYBER SECURITY FRAMEWORK Sultan
bycsandit
 
PPTX
UMASS-NISTCSF-October-2016-Presentation-rev2.pptx
byAbid Ur Rehman
 
PDF
NIST to CSF to ISO or EC 27002 2022 with NIST
byebonyman0007
 
PDF
An essential collection of rules designed to help businesses manage and reduc...
byNepal Realistic Solution Pvt. Ltd.
 
PDF
NIST critical_infrastructure_cybersecurity.pdf
byssuserb3094b
 
PDF
Cybersecurity Framework - What are Pundits Saying?
byJim Meyer
 
PPTX
NIST Cybersecurity Framework (CSF) on the Public Cloud
byCloudHesive
 
PPTX
NIST_Framework_overview_20150219 YEAR 2015
bymagesh527916
 
PPTX
Cybersecurity Framework - Introduction
byMuhammad Akbar Yasin
 
PPTX
How to Use the NIST CSF to Recover from a Healthcare Breach
bySymantec
 
PDF
NISTs Cybersecurity Framework -- Comparison with Best Practice
byDavid Ochel
 
PDF
CSF_2.0_Concept_Paper_01-18-23.pdf
byDavidUgaz2
 
PPTX
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
bySarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
PDF
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...
byCohesive Networks
 
PPTX
Components of Cybersecurity Framework
byOmerZia11
 
Keynote Session : NIST - Cyber Security Framework Measuring Security
byPriyanka Aash
 
Conducting a NIST Cybersecurity Framework (CSF) Assessment
byNicholas Davis
 
NIST_Cybersecurity_Framework_2.0.pptxework_2.0.pptx
bygadisaAdamu
 
National Institute of Standards and Technology (NIST) Cybersecurity Framework...
byMichaelBenis1
 
DOC-20250530-WA0008.pptx.................
bysalmannawaz6566504
 
INFORMATION SECURITY MATURITY MODEL FOR NIST CYBER SECURITY FRAMEWORK Sultan
bycsandit
 
UMASS-NISTCSF-October-2016-Presentation-rev2.pptx
byAbid Ur Rehman
 
NIST to CSF to ISO or EC 27002 2022 with NIST
byebonyman0007
 
An essential collection of rules designed to help businesses manage and reduc...
byNepal Realistic Solution Pvt. Ltd.
 
NIST critical_infrastructure_cybersecurity.pdf
byssuserb3094b
 
Cybersecurity Framework - What are Pundits Saying?
byJim Meyer
 
NIST Cybersecurity Framework (CSF) on the Public Cloud
byCloudHesive
 
NIST_Framework_overview_20150219 YEAR 2015
bymagesh527916
 
Cybersecurity Framework - Introduction
byMuhammad Akbar Yasin
 
How to Use the NIST CSF to Recover from a Healthcare Breach
bySymantec
 
NISTs Cybersecurity Framework -- Comparison with Best Practice
byDavid Ochel
 
CSF_2.0_Concept_Paper_01-18-23.pdf
byDavidUgaz2
 
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
bySarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...
byCohesive Networks
 
Components of Cybersecurity Framework
byOmerZia11
 

More from Priyanka Aash

PPTX
AI Code Generation Risks (Ramkumar Dilli, CIO, Myridius)
byPriyanka Aash
 
PDF
From Chatbot to Destroyer of Endpoints - Can ChatGPT Automate EDR Bypasses (1...
byPriyanka Aash
 
PDF
Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdf
byPriyanka Aash
 
PDF
Oh, the Possibilities - Balancing Innovation and Risk with Generative AI.pdf
byPriyanka Aash
 
PDF
Lessons Learned from Developing Secure AI Workflows.pdf
byPriyanka Aash
 
PDF
Cyber Defense Matrix Workshop - RSA Conference
byPriyanka Aash
 
PDF
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdf
byPriyanka Aash
 
PDF
Securing AI - There Is No Try, Only Do!.pdf
byPriyanka Aash
 
PDF
GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdf
byPriyanka Aash
 
PDF
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
byPriyanka Aash
 
PDF
10 Key Challenges for AI within the EU Data Protection Framework.pdf
byPriyanka Aash
 
PDF
Techniques for Automatic Device Identification and Network Assignment.pdf
byPriyanka Aash
 
PDF
Keynote : Presentation on SASE Technology
byPriyanka Aash
 
PDF
Keynote : AI & Future Of Offensive Security
byPriyanka Aash
 
PDF
Redefining Cybersecurity with AI Capabilities
byPriyanka Aash
 
PDF
Demystifying Neural Networks And Building Cybersecurity Applications
byPriyanka Aash
 
PDF
Finetuning GenAI For Hacking and Defending
byPriyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
byPriyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
byPriyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
byPriyanka Aash
 
AI Code Generation Risks (Ramkumar Dilli, CIO, Myridius)
byPriyanka Aash
 
From Chatbot to Destroyer of Endpoints - Can ChatGPT Automate EDR Bypasses (1...
byPriyanka Aash
 
Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdf
byPriyanka Aash
 
Oh, the Possibilities - Balancing Innovation and Risk with Generative AI.pdf
byPriyanka Aash
 
Lessons Learned from Developing Secure AI Workflows.pdf
byPriyanka Aash
 
Cyber Defense Matrix Workshop - RSA Conference
byPriyanka Aash
 
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdf
byPriyanka Aash
 
Securing AI - There Is No Try, Only Do!.pdf
byPriyanka Aash
 
GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdf
byPriyanka Aash
 
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
byPriyanka Aash
 
10 Key Challenges for AI within the EU Data Protection Framework.pdf
byPriyanka Aash
 
Techniques for Automatic Device Identification and Network Assignment.pdf
byPriyanka Aash
 
Keynote : Presentation on SASE Technology
byPriyanka Aash
 
Keynote : AI & Future Of Offensive Security
byPriyanka Aash
 
Redefining Cybersecurity with AI Capabilities
byPriyanka Aash
 
Demystifying Neural Networks And Building Cybersecurity Applications
byPriyanka Aash
 
Finetuning GenAI For Hacking and Defending
byPriyanka Aash
 
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
byPriyanka Aash
 
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
byPriyanka Aash
 
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
byPriyanka Aash
 

Recently uploaded

PDF
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
PDF
TrustArc Webinar - Unpacking India’s DPDP Act: What You Should Know
byTrustArc
 
PPTX
Unit 1 Introduction of Computer Networks
bySuvarnaSharma5
 
PPTX
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
PDF
A "Kill Switch" (Emergency Off Switch) for AI?
byScott M. Graffius
 
PPTX
DVCON24-IBM ai/ml driven hardware verification
byArun Joseph
 
PDF
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
PDF
Best-Travel-Portal-Development-Solutions-for-Online-Growth
bykashishnagarrajput
 
PPTX
Design Flaws and Known Attacks in Agentic AI - ITI Business Session
byInformation Technology Institute
 
PDF
Saga: The new era of transactions in a microservices architecture
byGiovanni Marigi
 
PDF
Requestly or Postman: What’s the Right API Tool for Your Team?
byhenrycavill30521
 
PDF
Purple Team - Active Directory and AzureAD v1
byVICTOR MAESTRE RAMIREZ
 
PDF
Using Change Data Capture (CDC) to Ingest Data into Apache Kafka
byGiovanni Marigi
 
PDF
SAP WalkMe Overview.pdf SAP WalkMe Overview.pdf
byMurniatiSimbolon2
 
PPTX
How Blockchain Application Development Enables Trustless Digital Ecosystems.pptx
byLisa ward
 
PPTX
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
PDF
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
PDF
The Cost of Missing Critical Connections in Data - Suspicious Behavior Detect...
byEnterprise Knowledge
 
PPTX
Full course that Prymehat uploads for you version 2
byOhenebaManu1
 
PPTX
TechSprint Kickoff - Everything You Need to Know
bygdgcodecellcmpn
 
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
TrustArc Webinar - Unpacking India’s DPDP Act: What You Should Know
byTrustArc
 
Unit 1 Introduction of Computer Networks
bySuvarnaSharma5
 
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
A "Kill Switch" (Emergency Off Switch) for AI?
byScott M. Graffius
 
DVCON24-IBM ai/ml driven hardware verification
byArun Joseph
 
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
Best-Travel-Portal-Development-Solutions-for-Online-Growth
bykashishnagarrajput
 
Design Flaws and Known Attacks in Agentic AI - ITI Business Session
byInformation Technology Institute
 
Saga: The new era of transactions in a microservices architecture
byGiovanni Marigi
 
Requestly or Postman: What’s the Right API Tool for Your Team?
byhenrycavill30521
 
Purple Team - Active Directory and AzureAD v1
byVICTOR MAESTRE RAMIREZ
 
Using Change Data Capture (CDC) to Ingest Data into Apache Kafka
byGiovanni Marigi
 
SAP WalkMe Overview.pdf SAP WalkMe Overview.pdf
byMurniatiSimbolon2
 
How Blockchain Application Development Enables Trustless Digital Ecosystems.pptx
byLisa ward
 
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
The Cost of Missing Critical Connections in Data - Suspicious Behavior Detect...
byEnterprise Knowledge
 
Full course that Prymehat uploads for you version 2
byOhenebaManu1
 
TechSprint Kickoff - Everything You Need to Know
bygdgcodecellcmpn
 

NIST CSF Overview

  • 1.
  • 2.
    Objectives of CSFin a Nutshell Describe Current Security Posture Describe Target Security Posture Continuous Improvement Assess Progress towards Target Posture Communicate Risk
  • 3.
    A framework ofFrameworks ISA62443 ISO/IEC 27001 CCS CSC1 NIST SP 800 - 53 COBIT 5 NIST cyber security Framework
  • 4.
    Framework Profile (Where youare and where you want to go) Framework Implementation Tiers (How you view cybersecurity) Framework Core (What it does) •Defines (measures) current state •Defines (measures) desired state •Tiers (4) that show how cybersecurity risks and processes are viewed within an organization •Required Tier based on perceived risk/benefit analysis •Identify •Protect •Detect •Restore •Recover High Level overview of the framework
  • 5.
  • 6.
    Framework core functionsexplained.. Identify • Understand what’s important to the business and what the risks are Protect • Develop safeguards to ensure CIA Detect • Find bad things Respond • What you do when bad things happen Recover • How to restore what the bad guys broke
  • 7.
  • 8.
    Function Unique Identifier Function Category Unique Identifier Category Subcategor y Informative References ID Identify ID.AM-1 Asset Manageme nt Physical devices within the organization are inventoried •CCS- CSC1 • COBIT 5 • ISA- 62443-2- 1:2009 ID.AM-2 Asset Manageme nt Software Platforms and Applications within the organization are inventoried • CCS- CSC1 • COBIT 5 • ISA- 62443-2- 1:2009 Structured example
  • 9.
    Framework Implementation Tiers •How cybersecurity risks and processes are viewed within organization Partial Risk Informed Repeatable Adaptable Sophistication
  • 10.
    Framework profile • Presentsoverview of present and future cybersecurity posture – Business Requirements – Risk Tolerance – Resources • Used to define current state and desired state – Can help measure progress...
  • 11.
    A Common Languagefor All Levels Priorities Risk Appetite Budget Framework Profile Implementation Progress Vulnerabilities, Threats, Assets Status, Changes in Risk Executive Level Focus: Organizational risk Actions: Risk Decision/Priority Operations Level Focus: Risk Management Implementation Actions: Secure Infrastructure, Implement Profile Process Level Focus: Risk Management Actions: Select Profile, Allocate Budget
  • 12.
    Process Prioritize and Scope Business Objectives Priorities Strategy Orient Related Systems AssetsRegulations Risk Assessment Exposure Tolerance Create Current Profile Where you are now Create Target Profile Where you need to be Gap Analysis Delta between Current/Target Action Plan MEASURE
  • 13.
    How is NISTCSF Different? • Expresses cybersecurity activities in a common language • Leverages existing standards – does not reinvent the wheel – can map existing processes/guidelines into CSF • Provides crucial guidance for reinforcing security controls while maintaining a focus on business objectives • Provides a vehicle to effectively measure cybersecurity effectiveness independent of existing framework
  • 14.