by Erlan Bakiev, Ph.D.
Cyber security standards and Controls
Cybersecurity standards
• Cybersecurity standards are techniques generally set forth in published materials that attempt to protect the cyber environment of a user or organization.
• This environment includes:
  • users themselves
  • networks
  • devices
  • all software
  • processes
  • information in storage or transit
  • applications
  • services
  • systems that can be connected directly or indirectly to networks
Cybersecurity standards cont.
• The principal objective:
  • to reduce the risks,
  • including prevention or mitigation of cyber-attacks.
• These published materials consist of collections of:
  • tools,
  • policies,
  • security concepts,
  • security safeguards,
  • guidelines,
  • risk management approaches,
  • actions,
  • training,
  • best practices,
  • assurance and technologies.
What is a Cyber Security Framework?
• Cyber security frameworks are sets of documents describing guidelines, standards, and best practices designed for cyber security risk management. The frameworks exist to reduce an organization's exposure to weaknesses and vulnerabilities that hackers and other cyber criminals may exploit.
NIST Cybersecurity Framework (NIST CSF)
• The NIST Cybersecurity Framework (NIST CSF) provides a policy framework of computer security guidance for how private sector organizations in the US can assess and improve their ability to prevent, detect, and respond to cyber attacks.
• It provides a high-level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes.
• It is intended to help private sector organizations that provide critical infrastructure with guidance on how to protect it, along with relevant protections for privacy and civil liberties.
ISO/IEC 27001 and 27002
• ISO/IEC 27001, part of the growing ISO/IEC 27000 family of standards, is an information security management system (ISMS) standard, of which the last revision was published in October 2013 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
• Its full name is ISO/IEC 27001:2013 – Information technology – Security techniques – Information security management systems – Requirements.
• ISO/IEC 27001 formally specifies a management system that is intended to bring information security under explicit management control.
ISO/IEC 27001 and 27002 Cont.
• ISO/IEC 27002 incorporates mainly part 1 of the BS 7799 good security management practice standard.
• The latest version of BS 7799 is BS 7799-3.
• ISO/IEC 27002 is a high-level guide to cybersecurity.
• It is most beneficial as explanatory guidance for the management of an organization seeking certification to the ISO/IEC 27001 standard.
• The certification, once obtained, lasts three years.
• Depending on the auditing organization, some or no intermediate audits may be carried out during the three years.
PCI DSS
• The Payment Card Industry Data Security Standard (PCI DSS) is a global framework for any organization that processes, stores, or transmits cardholder information. Launched in 2004 by the major credit card companies American Express, Discover, JCB, MasterCard, and VISA, the framework aims to keep cardholder information safe and reduce fraud.
• To do this, PCI DSS outlines four compliance levels, depending on the organization's transactions per annum, and 12 required steps that meet security best practices.
HIPAA
• HIPAA provides a cybersecurity framework for patients' protected health information (PHI).
• The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is federal legislation for healthcare compliance. An act of the US Congress created by lawyers and lawmakers, HIPAA applies to "covered entities," including health providers, health plans and insurance companies, and health clearinghouses. Although there is no official certification, HIPAA compliance is enforced by the US Department of Health and Human Services' Office for Civil Rights (OCR).
SOX
• The Sarbanes-Oxley IT General Controls (SOX ITGC) are a subset of the broader Sarbanes-Oxley Act and set financial reporting requirements for all companies preparing for an initial public offering (IPO) and for publicly traded companies across all industries.
• SOX ITGC attests to the integrity of the data and processes of internal financial reporting controls, including applications, operating systems, databases, and the supporting IT infrastructure. Controls in this framework encompass access to programs and data, program changes, computer operations, and program development.
GDPR
• The General Data Protection Regulation (GDPR) is a framework passed by the European Union (EU) to protect the data privacy and security of its citizens. Enacted in 2016, the GDPR applies to all organizations that collect and process the data of EU citizens, regardless of where the company is located.
Security controls
• Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets.
Classification of Security controls
• According to the time that they act, relative to a security incident:
  • Before the event, preventive controls are intended to prevent an incident from occurring, e.g. by locking out unauthorized intruders;
  • During the event, detective controls are intended to identify and characterize an incident in progress, e.g. by sounding the intruder alarm and alerting the security guards or police;
  • After the event, corrective controls are intended to limit the extent of any damage caused by the incident, e.g. by recovering the organization to normal working status as efficiently as possible.
Classification of Security controls Cont.
• According to their nature:
  • Physical controls, e.g. fences, doors, locks and fire extinguishers;
  • Procedural controls, e.g. incident response processes, management oversight, security awareness and training;
  • Technical controls, e.g. user authentication (login) and logical access controls, antivirus software, firewalls;
  • Legal and regulatory or compliance controls, e.g. privacy laws, policies and clauses.
International information security standards
• ISO/IEC 27001 specifies 114 controls in 14 groups:
  • A.5: Information security policies
  • A.6: How information security is organized
  • A.7: Human resources security - controls that are applied before, during, or after employment
  • A.8: Asset management
  • A.9: Access controls and managing user access
  • A.10: Cryptographic technology
  • A.11: Physical security of the organization's sites and equipment
  • A.12: Operational security
  • A.13: Secure communications and data transfer
  • A.14: Secure acquisition, development, and support of information systems
  • A.15: Security for suppliers and third parties
  • A.16: Incident management
  • A.17: Business continuity/disaster recovery (to the extent that it affects information security)
  • A.18: Compliance - with internal requirements, such as policies, and with external requirements, such as laws
U.S. Federal Government information security standards
• From NIST Special Publication SP 800-53 revision 4:
  • AC Access Control
  • AT Awareness and Training
  • AU Audit and Accountability
  • CA Security Assessment and Authorization (historical abbreviation)
  • CM Configuration Management
  • CP Contingency Planning
  • IA Identification and Authentication
  • IR Incident Response
  • MA Maintenance
  • MP Media Protection
  • PE Physical and Environmental Protection
  • PL Planning
  • PS Personnel Security
  • RA Risk Assessment
  • SA System and Services Acquisition
  • SC System and Communications Protection
  • SI System and Information Integrity
  • PM Program Management
Thank you
Standards & Framework.ppt