NIST cybersecurity framework

S
Shriya Rai
NIST CYBERSECURITY FRAMEWORK Prepared By: Shriya rai
CYBERSECURITY FRAMEWORK A collection of finest practices that an organization must follow to manage its cybersecurity risk. Goal of the framework: • Reduce company’s exposure to cyberattacks • Identify areas at higher risk for data breaches • Monitor the compromising activities of cyber criminals
TYPES OF SECURITY FRAMEWORK Control Framework Program Framework Risk Framework
Purpose Control Framework Program Framework Risk Framework Use of the Framework • Identify baseline of controls • Assess state of technical capabilities • Prioritize implementation of controls • Develop an initial roadmap for the security team • Assess state of the overall security program • Build a comprehensive security program • Measure maturity and conduct industry comparisons • Simplify communication with business leaders • Define key process steps for assessing and managing risk • Structure risk management program • Identify, measure and quantify risk • Prioritize security activities
NIST CYBERSECURITY FRAMEWORK There are two frameworks defined under Program Framework: • ISO 27001 • NIST Cyber Security Framework
DEEP DIVE INTO: NIST CYBERSECURITY FRAMEWORK ➢ Composed of three parts: •Core •Implementation Tiers •Profiles ➢ Defines a common language for managing risk •Core has five functions that provide a high-level, strategic view of security lifecycle Identify Protect Detect Respond Recover
HELPS ORGANIZATIONS ASK: What are we doing today ? How are we doing today ? Where do we want to go ? When do we want to go there ?
FRAMEWORK CATEGORIES Function Category Identify Asset Management Business Environment Governance Risk Assessment Risk Management Strategy Supply Chain Risk Management Protect Identify management, Authentication and Access Control Awareness Training Data Security Information Protection Processes and Procedures Maintenance Protective Technology
FRAMEWORK CATEGORIES Function Category Detect Anomalies and events Security continuous monitoring Detection Processes Respond Response Planning Communications Analysis Mitigation Improvements Recover Recover Planning Improvements Communications
REFERENCES How to Make Sense of Cybersecurity Frameworks (RSA Conference2019)’ https://www.nist.gov/cyberframework https://reciprocity.com/resources/what-is-a-cybersecurity-framework/
Thank You
1 sur 11

NIST cybersecurity framework

Télécharger pour lire hors ligne
Business

The NIST Cybersecurity Framework acts as a bridge between the management and Cybersecurity ecosystem.

S
Shriya Rai

Recommandé

NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
49.7K vues39 diapositives
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
22.5K vues36 diapositives
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
1.7K vues22 diapositives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
1.3K vues30 diapositives
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
5.5K vues20 diapositives
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
473 vues23 diapositives

Contenu connexe

Tendances

Tendances(20)

NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
Erick Kish, U.S. Commercial Service4.8K vues
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
Sqrrl5.1K vues
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
Tuan Phan6K vues
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
Priyanka Aash1K vues
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLC
BDPA Charlotte - Information Technology Thought Leaders26K vues
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness Program
Bill Gardner1.9K vues
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
Priyanka Aash2.4K vues
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
Netpluz Asia Pte Ltd8.3K vues
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSF
Digital Bond3.4K vues
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
Priyanka Aash5.1K vues
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessment
CAS4.9K vues
Security auditSecurity audit
Security audit
Rosaria Dee1.9K vues
information security managementinformation security management
information security management
Gurpreetkaur838451 vues
Vulnerability ManagementVulnerability Management
Vulnerability Management
asherad8.5K vues
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
Ahmed Ayman1.3K vues
The Six Stages of Incident Response - Auscert 2016The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016
Ashley Deuble789 vues
How to Reduce the Attack Surface Created by Your Cyber-ToolsHow to Reduce the Attack Surface Created by Your Cyber-Tools
How to Reduce the Attack Surface Created by Your Cyber-Tools
Enterprise Management Associates917 vues
Cyber security maturity model- IT/ITES Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES
Priyanka Aash4.8K vues
Guide to Risk Management Framework (RMF)Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)
MetroStar 840 vues
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity Framework
Tuan Phan9.5K vues

Similaire à NIST cybersecurity framework

Digital Product SecurityDigital Product Security
Digital Product SecuritySoftServe
818 vues44 diapositives

Similaire à NIST cybersecurity framework(20)

UMASS-NISTCSF-October-2016-Presentation-rev2.pptxUMASS-NISTCSF-October-2016-Presentation-rev2.pptx
UMASS-NISTCSF-October-2016-Presentation-rev2.pptx
Abid Ur Rehman1 vue
Threat modelling(system + enterprise)Threat modelling(system + enterprise)
Threat modelling(system + enterprise)
abhimanyubhogwan156 vues
Risk Based Security and Self Protection PowerpointRisk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection Powerpoint
randalje866.7K vues
EUCI Mapping Cybersecurity to CIPEUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIP
Scott Baron329 vues
Digital Product SecurityDigital Product Security
Digital Product Security
SoftServe818 vues
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
FitCEO, Inc. (FCI) 237 vues
The Demystification of successful cybersecurity initiatives.The Demystification of successful cybersecurity initiatives.
The Demystification of successful cybersecurity initiatives.
FitCEO, Inc. (FCI) 354 vues
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
McKonly & Asbury, LLP720 vues
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshop
SLVA Information Security644 vues
CNIT 160 Ch 4a: Information Security ProgramsCNIT 160 Ch 4a: Information Security Programs
CNIT 160 Ch 4a: Information Security Programs
Sam Bowne327 vues
CNIT 160 Ch 4a: Information Security ProgramsCNIT 160 Ch 4a: Information Security Programs
CNIT 160 Ch 4a: Information Security Programs
Sam Bowne159 vues
Cybersecurity Frameworks and You: The Perfect MatchCybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect Match
McKonly & Asbury, LLP940 vues
Cybersecurity Assurance at CloudSec 2015 Kuala LumpurCybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Alan Yau Ti Dun409 vues
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Denim Group834 vues
Implement OpenSAMM on blibli.comImplement OpenSAMM on blibli.com
Implement OpenSAMM on blibli.com
SARCCOM225 vues
SOC for Cybersecurity OverviewSOC for Cybersecurity Overview
SOC for Cybersecurity Overview
Brian Matteson, CISSP CISA480 vues
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
Brian Levine553 vues
framework-version-1.1-overview-20180427-for-web-002.pptxframework-version-1.1-overview-20180427-for-web-002.pptx
framework-version-1.1-overview-20180427-for-web-002.pptx
AshishRanjan5466446 vues
NCCDC 2019 Standards Presentation.pptxNCCDC 2019 Standards Presentation.pptx
NCCDC 2019 Standards Presentation.pptx
JeffThompson9911322 vues
Implementing a Security Management FrameworkImplementing a Security Management Framework
Implementing a Security Management Framework
Joseph Wynn282 vues

Plus de Shriya Rai

Plus de Shriya Rai(7)

Dernier

Dernier(20)

Voice Broadcasting - A Web Based Voice PromotionVoice Broadcasting - A Web Based Voice Promotion
Voice Broadcasting - A Web Based Voice Promotion
Nirmal Sharma18 vues
TNR Gold Investor Presentation - Building The Green Energy Metals Royalty and...TNR Gold Investor Presentation - Building The Green Energy Metals Royalty and...
TNR Gold Investor Presentation - Building The Green Energy Metals Royalty and...
Kirill Klip68 vues
NewBase 20 November 2023 Energy News issue - 1675 by Khaled Al Awadi_compre...NewBase 20 November 2023 Energy News issue - 1675 by Khaled Al Awadi_compre...
NewBase 20 November 2023 Energy News issue - 1675 by Khaled Al Awadi_compre...
Khaled Al Awadi16 vues
202311017_UKRAINE_FACT_SHEET_PDA_51.pdf202311017_UKRAINE_FACT_SHEET_PDA_51.pdf
202311017_UKRAINE_FACT_SHEET_PDA_51.pdf
Rbc Rbcua3.1K vues
Car license plate holder.pdfCar license plate holder.pdf
Car license plate holder.pdf
JAWADIQBAL4028 vues
Concierge Services Business PlanConcierge Services Business Plan
Concierge Services Business Plan
Jessica Larson11 vues
How do I select the right EBARA pressure pump for my needs? How do I select the right EBARA pressure pump for my needs?
How do I select the right EBARA pressure pump for my needs?
KK Tech Eco Products13 vues
TOP SEO MISTAKES TO AVOIDTOP SEO MISTAKES TO AVOID
TOP SEO MISTAKES TO AVOID
nihadudigital23 vues
Amazon Music - Market AnalysisAmazon Music - Market Analysis
Amazon Music - Market Analysis
Ana Weathers29 vues
Coomes Consulting Business ProfileCoomes Consulting Business Profile
Coomes Consulting Business Profile
Chris Coomes32 vues
The Business Tycoons(March-2023) - Womens Day MagazineThe Business Tycoons(March-2023) - Womens Day Magazine
The Business Tycoons(March-2023) - Womens Day Magazine
Global India Business Forum14 vues
TNR Gold Shotgun Gold Project PresentationTNR Gold Shotgun Gold Project Presentation
TNR Gold Shotgun Gold Project Presentation
Kirill Klip40 vues
chung chi tam compact chiu axitchung chi tam compact chiu axit
chung chi tam compact chiu axit
MaiThiAnh10 vues
The Business Tycoons(Feb-2023) - National Awards for Business Excellence 2023...The Business Tycoons(Feb-2023) - National Awards for Business Excellence 2023...
The Business Tycoons(Feb-2023) - National Awards for Business Excellence 2023...
Global India Business Forum16 vues
Muhammad Al Farizi_ParkWise.pptxMuhammad Al Farizi_ParkWise.pptx
Muhammad Al Farizi_ParkWise.pptx
Muhammad Al Farizi68 vues
Group and Teams: Increasing Cooperation and Reducing Conflict Group and Teams: Increasing Cooperation and Reducing Conflict
Group and Teams: Increasing Cooperation and Reducing Conflict
Seta Wicaksana9 vues
Ceramic Grinding Roller.pdfCeramic Grinding Roller.pdf
Ceramic Grinding Roller.pdf
TomasChien217 vues
Corporate DeckCorporate Deck
Corporate Deck
Equinox Gold Corp.228 vues
Strategies for Responsible and Efficient Waste DisposalStrategies for Responsible and Efficient Waste Disposal
Strategies for Responsible and Efficient Waste Disposal
AlfredoRaylan61 vues
How to get your business featured on Forbes - Business Show 23How to get your business featured on Forbes - Business Show 23
How to get your business featured on Forbes - Business Show 23
Quibble20 vues

NIST cybersecurity framework

  • 2. CYBERSECURITY FRAMEWORK A collection of finest practices that an organization must follow to manage its cybersecurity risk. Goal of the framework: • Reduce company’s exposure to cyberattacks • Identify areas at higher risk for data breaches • Monitor the compromising activities of cyber criminals
  • 4. Purpose Control Framework Program Framework Risk Framework Use of the Framework • Identify baseline of controls • Assess state of technical capabilities • Prioritize implementation of controls • Develop an initial roadmap for the security team • Assess state of the overall security program • Build a comprehensive security program • Measure maturity and conduct industry comparisons • Simplify communication with business leaders • Define key process steps for assessing and managing risk • Structure risk management program • Identify, measure and quantify risk • Prioritize security activities
  • 5. NIST CYBERSECURITY FRAMEWORK There are two frameworks defined under Program Framework: • ISO 27001 • NIST Cyber Security Framework
  • 6. DEEP DIVE INTO: NIST CYBERSECURITY FRAMEWORK ➢ Composed of three parts: •Core •Implementation Tiers •Profiles ➢ Defines a common language for managing risk •Core has five functions that provide a high-level, strategic view of security lifecycle Identify Protect Detect Respond Recover
  • 7. HELPS ORGANIZATIONS ASK: What are we doing today ? How are we doing today ? Where do we want to go ? When do we want to go there ?
  • 8. FRAMEWORK CATEGORIES Function Category Identify Asset Management Business Environment Governance Risk Assessment Risk Management Strategy Supply Chain Risk Management Protect Identify management, Authentication and Access Control Awareness Training Data Security Information Protection Processes and Procedures Maintenance Protective Technology
  • 9. FRAMEWORK CATEGORIES Function Category Detect Anomalies and events Security continuous monitoring Detection Processes Respond Response Planning Communications Analysis Mitigation Improvements Recover Recover Planning Improvements Communications
  • 10. REFERENCES How to Make Sense of Cybersecurity Frameworks (RSA Conference2019)’ https://www.nist.gov/cyberframework https://reciprocity.com/resources/what-is-a-cybersecurity-framework/