SlideShare uma empresa Scribd logo

NIST Cybersecurity Framework Intro for ISACA Richmond Chapter

Tuan Phan
Tuan Phan

Introduction ot NIST Cybersecurity Framework presented to ISACA Richmond Chapter

TecnologiaNegócios
1 de 41
Baixar para ler offline
NIST Cybersecurity Framework Tuan Phan Trusted Integration, Inc. February 2014
Introducing Trusted Integration, Inc. • • • • • 2 Alexandria-based small business, founded in 2001 Core focus on creating adaptive, scalable, and cost-effective Governance, Risk & Compliance (GRC) Solutions. Privately-held Profitable Deep relationships with Security, Risk and Technology Communities:
The Leading Brand for Government GRC • 2013 Golden Bridge Technology Recipient for: – Gold Award for Government Compliance Solution – Silver Award for Governance, Risk and Compliance Solution • 3 Several Government Agencies and Commercial Enterprises depend on TrustedAgent GRC.
What is Cybersecurity Framework • Voluntary risk-management approach • Guidance to manage cybersecurity risk • Encourage organizations to consider cybersecurity risk and their impact on the organization similar to: – Financial risk – Operational risk – Safety risk • Does not displace or substitute for governing regulations applicable to the organizations: – – – – 4 HIPAA-HITECH NERC CIP PCI DSS FFIEC
What is Cybersecurity Framework (cont’d) • Collaborative in nature: – – – – 5 Incorporating over 2,700 comments since original RFI. From EO 13636 until preliminary framework took over 8 months Major road shows for NIST covering 5 major locations across US When release, the final framework will have taken over a year to develop.
Goals of the Framework • Adaptable, flexible, and scalable • Improve organization’s readiness for managing cybersecurity risk • Actionable across the enterprise • Flexible, repeatable and performance-based • Cost-effective • Leverage standards, methodologies and processes • Promote technology innovation • Focus on outcomes 6
Applicability • Critical infrastructure (CI) community – Owners – Operators • Covers 16 critical infrastructure sectors: Raise your hand if your sector is not listed 7
Key Parts of the Framework Core Profile 8 Implementation Tiers
Framework Core • • • • Details cybersecurity activities and key references. Not intended to be a checklist. Normalizes activities to commonly used standards and guidelines. Has four elements:  Functions: High-level cybersecurity activities to be developed, prioritized, and implemented.  Categories: Groups of cybersecurity outcomes  Subcategories: Further decomposed the activities within Categories  Information References: Illustrative standards, guidelines and practices 9 Functions Categories Subcategories Informative References IDENTIFY Institutional understanding to manage cybersecurity risk PROTECT Safeguards to ensure delivery of CI services DETECT Identify the occurrences of a cybersecurity event. RESPOND Take action (address) a detected cybersecurity event RECOVER Restore impaired capabilities or CI services from a cybersecurity event
Framework Profile Current Future Category/subcategory Category/subcategory Category/subcategory Category/subcategory Legal/Regulatory Organization Goals Industry Best Practices 10 Sector Goals
Framework Implementation Tiers • • • Describe the maturity of the organization with regard to management of cybersecurity activities No indication of how Implementation Tiers link to specified activities beyond the maturity model. Possibly… • a ‘future’ mechanism to evaluate performance for possible incentives? • Minimum performance expectations established by quasi-oversight agencies such as NERC. External Participation Integrated Program Risk Management Process Tier 1 – Partial Tier 2 – Risk-Informed Tier 3 – Risk-Informed and Repeatable Tier 4 – Adaptive Tier 1 11 Tier 2 Tier 3 Tier 4
Mapping to Risk Management Framework IDENTIFY PROTECT DETECT RESPOND RECOVER 12
Mapping to COBIT IDENTIFY PROTECT DETECT RESPOND RECOVER 13
Mapping to ISO 27001 IDENTIFY PROTECT DETECT RESPOND RECOVER 14
Categories: Asset Management (ID.AM) SUBCATEGORY POSSIBLE ACTIVITIES ID.AM-1: Physical devices and systems within the organization are inventoried • Inventory of systems and key applications are documented. ID.AM-2: Software platforms and applications within the organization are inventoried • Hardware, software, and devices are documented against the inventories. ID.AM-3: The organizational communication and data flow is mapped • • • Data flows Architecture diagrams Boundary diagrams ID.AM-4: External information systems are mapped and catalogued • • Interconnections Cloud systems ID.AM-5: Resources are prioritized based on the classification / criticality / business value of hardware, devices, data, and software • Type of inventory (MA, GSS, vendor, program, data center) Sensitivity classification Security categorization ID.AM-6: Workforce roles and responsibilities for business functions, including cybersecurity, are established • 15 • • • Key points of contact are defined and assigned to inventories. POCs address key roles within organization.
Categories: Business Environment (ID.BE) SUBCATEGORY POSSIBLE ACTIVITIES ID.BE-1: The organization’s role in the supply chain and is identified and communicated • A participant in any of 16 CI sectors? ID.BE-2: The organization’s place in critical infrastructure and their industry ecosystem is identified and communicated • Articulate in organization’s mission and objectives by management, BoD, and organizational staff. Reflect in annual training of employees ID.BE-3: Priorities for organizational mission, objectives, and activities are established • Organization’s CI objectives cascade to individual annual objectives/goals ID.BE-4: Dependencies and critical functions for delivery of critical services are established • • • Identified SLAs or MOUs for interconnections Cloud deployment models Cloud service models ID.BE-5: Resilience requirements to support delivery of critical services are established • FMEA/FTA/HAZOP or any other criticality assessments performed to determine weaknesses within the supply of the critical services 16 •
Categories: Governance (ID.GV) SUBCATEGORY POSSIBLE ACTIVITIES ID.GV-1: Organizational information security policy is established • Established policies and procedures supporting CI and management of cybersecurity. ID.GV-2: Information security roles & responsibility are coordinated and aligned • Established POCs for inventories that address the key security roles. ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed • • Identified governing regulations, and standards Policies and procedures reference applicable regulations, or standards ID.GV-4: Governance and risk management processes address cybersecurity risks • Use of risk management approach that is adopted and place into practice by BOD and senior management. 17
Categories: Risk Assessment (ID.RA) SUBCATEGORY POSSIBLE ACTIVITIES ID.RA-1: Asset vulnerabilities are identified and documented • Use of vulnerability assessment tools and map findings from tools to impacted assets. ID.RA-2: Threat and vulnerability information is received from information sharing forums and sources. • • Use of NIST NVD, ISACs Subscribe through vulnerability assessment tools ID.RA-3: Threats to organizational assets are identified and documented • Use of risk assessment per NIST 800-30 and standardized threat vectors ID.RA-4: Potential impacts are analyzed • • Likelihood and impact levels are determined Assigned risk levels to identified findings ID.RA-5: Risk responses are identified. • Findings include recommended mitigation actions 18
Categories: Risk Management (ID.RM) SUBCATEGORY POSSIBLE ACTIVITIES ID.RM-1: Risk management processes are managed and agreed to • Risk management methodology is clearly defined as part of the CI or IS program. ID.RM-2: Organizational risk tolerance is determined and clearly expressed • Risk appetite/tolerance is defined. ID.RM-3: The organization’s determination of risk tolerance is informed by their role in critical infrastructure and sector specific risk analysis • Risk tolerance must be comparable to the sector. 19
Categories: Access Control (PR.AC) SUBCATEGORY POSSIBLE ACTIVITIES PR.AC-1: Identities and credentials are managed for authorized devices and users • Users are uniquely identified and authenticated before granting access to resources. PR.AC-2: Physical access to resources is managed and secured • Use of physical security, locks, gates, guards, and perhaps dogs! PR.AC-3: Remote access is managed • Remote access requires additional security measures including more complex passwords with shorten validity period. Multi-factor authentication • PR.AC-4: Access permissions are managed • User access is reviewed, authorized, based on approved role, before granting access. PR.AC-5: Network integrity is protected • Information flow enforcement is place. 20
Categories: Awareness and Training (PR.AT) SUBCATEGORY PR.AT-1: General users are informed and trained PR.AT-2: Privileged users understand roles & responsibilities PR.AT-3: Third-party stakeholders (suppliers, customers, partners) understand roles & responsibilities PR.AT-4: Senior executives understand roles & responsibilities PR.AT-5: Physical and information security personnel understand roles & responsibilities 21 POSSIBLE ACTIVITIES • • • Users are trained based on their roles and responsibilities within the organization. Training covers everyone! Vendors, suppliers, and other third-party providers acknowledge their roles and responsibilities through contracts.
Categories: Data Security (PR.DS) SUBCATEGORY POSSIBLE ACTIVITIES PR.DS-1: Data-at-rest is protected • Use of data encryption, firewalls, filtering routers, etc. PR.DS-2: Data-in-motion is secured • Communication paths are protected using physical and logical means (SSL, encryption) PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition • Assets are updated from inventories when they are no longer in use. • Use of boundary protection mechanisms. • Assets are updated from inventories when they are no longer in use. Inventories are updated when they disposed (endof-life). PR.DS-4: Adequate capacity to ensure availability is maintained. PR.DS-5: There is protection against data leaks PR.DS-6: Intellectual property is protected PR.DS-7: Unnecessary assets are eliminated • PR.DS-8: Separate testing environments are used in system development • Use of DEV and VAL environments separately from PROD environment PR.DS-9: Privacy of individuals and personally identifiable information (PII) is protected 22 • Use of recommended privacy controls
Categories: Information Protection Processes and Procedures (PR.IP) SUBCATEGORY POSSIBLE ACTIVITIES PR.IP-1: A baseline configuration of information technology/operational technology systems is created • Use of security configuration baseline for computing assets (FDCC) PR.IP-2: A System Development Life Cycle to manage systems is implemented • Inventories must contain appropriate SDLC status. PR.IP-3: Configuration change control processes are in place • • CM policies and procedures are in place. Configuration changes are tracked. PR.IP-4: Backups of information are managed • Data backup/archive policies and procedures addressing both onsite and offsite storage. PR.IP-5: Policy and regulations regarding the physical operating environment for organizational assets are met. • Assortments of physical and environment controls are implemented for inventories. Reference NIST PE family. PR.IP-6: Information is destroyed according to policy and requirements • Policies and procedures manage destruction of information including archives on data backups. 23
Categories: Information Protection Processes and Procedures (PR.IP) SUBCATEGORY POSSIBLE ACTIVITIES PR.IP-7: Protection processes are continuously improved PR.IP-8: Information sharing occurs with appropriate parties PR.IP-9: Response plans (Business Continuity Plan(s), Disaster Recovery Plan(s), Incident Handling Plan(s)) are in place and managed • Formal use of BCP and ITCP PR.IP-10: Response plans are exercised • Plans are tested on periodic basis PR.IP-11: Cybersecurity is included in human resources practices (de-provisioning, personnel screening, etc.) • Management of staff and key personnel access to IT resources accordingly to role changes and termination. 24
Categories: Maintenance (PR.MA) SUBCATEGORY POSSIBLE ACTIVITIES PR.MA-1: Maintenance and repair of organizational assets is performed and logged in a timely manner, with approved and controlled tools • • • PR.MA-2: Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access and supports availability requirements for important operational and information systems. • • 25 • Frequency of maintenance is defined Use of maintenance notifications Document of organization’s facilitated maintenance activities/logs Document of vendor-provided maintenance activities Automated audit trails Readily available for reviews and reports
Categories: Protective Technology (PR.PT) SUBCATEGORY POSSIBLE ACTIVITIES PR.PT-1: Audit and log records are stored in accordance with audit policy • Audit trails, at the minimum, should contain previous state, current state, by whom, and when. PR.PT-2: Removable media are protected according to a specified policy • Safeguards of data backup tapes or removable media. PR.PT-3: Access to systems and assets is appropriately controlled • • • Access is reviewed and authorized. Use of physical and logic access controls to org assets. Access is monitored. PR.PT-4: Communications networks are secured • Wireless access is managed PR.PT-5: Specialized systems are protected according to the risk analysis (SCADA, ICS, DCS) • Depth of protections must be comparable to the type of control systems. 26
Categories: Anomalies and Events (DE.AE) SUBCATEGORY POSSIBLE ACTIVITIES DE.AE-1: A baseline of normal operations and procedures is identified and managed • DE.AE-2: Detected events are analyzed to understand attack targets and methods • DE.AE-3: Cybersecurity data are correlated from diverse information sources DE.AE-4: Impact of potential cybersecurity events is determined. DE.AE-5: Incident alert thresholds are created 27 • • • Inventories are subjected to monitoring as part of an enterprise-wide continuous monitoring program. Monitoring takes place on IT systems both internal and external. Incidents are reported and managed. Notifications are employed where appropriate. Impact levels including any regulatory reporting are defined (i.e. HIPAA breach requirements, PII) Issues are tracked until fully remedied as part of a corrective action management.
Categories: Security Continuous Monitoring (DE.CM) SUBCATEGORY POSSIBLE ACTIVITIES DE.CM-1: The network is monitored to detect potential cybersecurity events • • Use of IDS and IPS Notifications of suspicious activities DE.CM-2: The physical environment is monitored to detect potential cybersecurity events • Cameras, ground/remote sensors, alarms DE.CM-3: Personnel activity is monitored to detect potential cybersecurity events • Access logs are reviewed for pattern of miss-use of unauthorized or repeated failed accesses. DE.CM-4: Malicious code is detected • • Use of anti-virus and anti-spyware on computing devices. Staff are trained on what to do in case of detection. DE.CM-5: Unauthorized mobile code is detected • Control of user environment - FDCC DE.CM-6: External service providers are monitored • Access of non-organizational users should be verified/monitored based on roles, risk profile and frequency. DE.CM-7: Unauthorized resources are monitored • Logs should be inspected for attempted access to unauthorized resources. DE.CM-8: Vulnerability assessments are performed • Network scans, pen testing are periodically performed. Frequency and depth should be comparable to cybersecurity risk of the sector • 28
Categories: Detection Processes (DE.DP) SUBCATEGORY DE.DP-1: Roles and responsibilities for detection are well defined to ensure accountability POSSIBLE ACTIVITIES • • DE.DP-2: Detection activities comply with all applicable requirements, including those related to privacy and civil liberties POCs are defined for the incident response/BCP and inventories. Inventories may subject to the requirements of conformity assessment, privacy review, or security authorization processes. DE.DP-3: Detection processes are exercised to ensure readiness • Applicable controls are tested for the inventories to ensure effectiveness. DE.DP-4: Event detection information is communicated to appropriate parties • Notifications are sent to response DE.DP-5: Detection processes are continuously improved • Use of automation detection technologies including SIEM, IDS, IPS, etc. 29
Categories: Response Planning (RS.PL) SUBCATEGORY RS.PL-1: Response plan is implemented during or after an event. 30 POSSIBLE ACTIVITIES • Incident response process is in place within threshold of incident reporting as established by the organization.
Categories: Communications (RS.CO) SUBCATEGORY POSSIBLE ACTIVITIES RS.CO-1: Personnel know their roles and order of operations when a response is needed • Annual training on incident response and BCP RS.CO-2: Events are reported consistent with established criteria • Thresholds of initial reviews, notifications (internal) and external notifications should be clearly defined along with the oversight required to ensure their practices are consistent to governing regulations. RS.CO-3: Detection/response information, such as breach reporting requirements, is shared consistent with response plans, including those related to privacy and civil liberties • If incidents involved PII or PHI, privacy personnel should be included. Where applicable, depending on size, reports on PII and PHI breach also go to HHS. • RS.CO-4: Coordination with stakeholders occurs consistent with response plans, including those related to privacy and civil liberties RS.CO-5: Voluntary coordination occurs with external stakeholders (ex, business partners, information sharing and analysis centers, customers) 31 • Communication is encouraged, not required.
Categories: Analysis (RS.AN) SUBCATEGORY POSSIBLE ACTIVITIES RS.AN-1: Notifications from the detection system are investigated • Incident/issue reported must be investigated. RS.AN-2: Understand the impact of the incident • Risk analysis to be taken to determine if incident exceeds the risk tolerance defined for the organization requiring additional actions or violates any regulatory requirements. RS.AN-3: Forensics are performed • Some incidents may require extended forensic reviews including logs, file reconstructions, file and offsite backups, etc. RS.AN-4: Incidents are classified consistent with response plans • Incident management must follow defined policies and procedures, and is according to established thresholds. 32
Categories: Mitigation (RS.MI) SUBCATEGORY RS.MI-1: Incidents are contained POSSIBLE ACTIVITIES • • RS.MI-2: Incidents are eradicated • 33 Mechanisms to track incidents/issues Mechanisms to identify activities to contain the incidents. Need to be able to formulate corrective action plan and related milestones and assign them to various owners. Mechanisms to gain visibility to outstanding CAs/issues and their remediation plan
Categories: Improvements (RS.IM) SUBCATEGORY POSSIBLE ACTIVITIES RS.IM-1: Response plans incorporate lessons learned • • • Use of lessons learned. Policies and procedures are periodically updated. Incorporated into annual training RS.IM-2: Response strategies are updated • Incident response strategies reflect current P&P. 34
Categories: Recovery Planning (RS.RP) SUBCATEGORY RC.RP-1: Recovery plan is executed 35 POSSIBLE ACTIVITIES • Recovery processes are tested and maintained.
Categories: Improvements (RC.IM) SUBCATEGORY POSSIBLE ACTIVITIES RC.IM-1: Plans are updated with lessons learned • RC.IM-2: Recovery strategy is updated • 36 • BCP and incident response plan are updated on a regular basis. Personnel contact updates Changes in technology and practices as well as supporting infrastructure impact recovery strategies.
Categories: Communications (RC.CO) SUBCATEGORY RC.CO-1: Public Relations are managed POSSIBLE ACTIVITIES • • RC.CO-2: Reputation after an event is repaired 37 • Breach notification according to governing regulations to regulatory bodies Prompt notifications to impacted consumers. Credit monitoring offer for one year for impacted people in PII or credit cards (Target, Michaels)
What to Expect in Version 1.0 • • • • v1.0 of the Cybersecurity Framework to be released on Feb 13. Privacy framework may be removed from the final version. Framework’s voluntary language may shift to ‘adoption’ Additional guidance may forth coming on: – Use of profiles and implementation tiers – Areas for improvements: • • • • • • • Authentication Indicator sharing Conformity assessment Cybersecurity workforce Data analytics International and privacy standards Supply chain management • Framework will, at some point, transition into non-government organization. 38
Conclusion • Foundational framework for cybersecurity management flexible to support any organization: – – – – Applicable to many industries Size or organization Scalable Maturity • Offer choices of standards to assess, evaluate and monitor progress: – NIST – COBIT – ISA 39
Thank You 40
Contact Information Tuan Phan Trusted Integration, Inc. 525 Wythe Street Alexandria, VA 22314 Office: 703-299-9171 ext. 103 tuanp@trustedintegration.com twitter @TrustedAgentGRC www.trustedintegration.com 41

Recomendados

How to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organizationHow to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organizationExigent Technologies LLC
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service
 
NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) Priyanka Aash
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSFDigital Bond
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...PECB
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 

Recomendados

How to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organizationHow to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organizationExigent Technologies LLC
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service
 
NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) Priyanka Aash
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSFDigital Bond
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...PECB
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Priyanka Aash
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
 
Understanding the NIST Risk Management Framework: 800-37 Rev. 2
Understanding the NIST Risk Management Framework: 800-37 Rev. 2Understanding the NIST Risk Management Framework: 800-37 Rev. 2
Understanding the NIST Risk Management Framework: 800-37 Rev. 2Denise Tawwab
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
Security operation center
Security operation centerSecurity operation center
Security operation centerMuthuKumaran267
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)WAJAHAT IQBAL
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehReZa AdineH
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsShah Sheikh
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
Isaca crisc-courseware
Isaca crisc-coursewareIsaca crisc-courseware
Isaca crisc-coursewareLaxmi Bank
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesSlideTeam
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NetLockSmith
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoTuan Phan
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkTuan Phan
 

Mais conteúdo relacionado

Mais procurados

Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Priyanka Aash
 
Understanding the NIST Risk Management Framework: 800-37 Rev. 2
Understanding the NIST Risk Management Framework: 800-37 Rev. 2Understanding the NIST Risk Management Framework: 800-37 Rev. 2
Understanding the NIST Risk Management Framework: 800-37 Rev. 2Denise Tawwab
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
Security operation center
Security operation centerSecurity operation center
Security operation centerMuthuKumaran267
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)WAJAHAT IQBAL
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehReZa AdineH
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsShah Sheikh
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
Isaca crisc-courseware
Isaca crisc-coursewareIsaca crisc-courseware
Isaca crisc-coursewareLaxmi Bank
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesSlideTeam
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NetLockSmith
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 

Mais procurados (20)

Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Understanding the NIST Risk Management Framework: 800-37 Rev. 2
Understanding the NIST Risk Management Framework: 800-37 Rev. 2Understanding the NIST Risk Management Framework: 800-37 Rev. 2
Understanding the NIST Risk Management Framework: 800-37 Rev. 2
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
 
Security operation center
Security operation centerSecurity operation center
Security operation center
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS Environments
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
 
Isaca crisc-courseware
Isaca crisc-coursewareIsaca crisc-courseware
Isaca crisc-courseware
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
 

Semelhante a NIST Cybersecurity Framework Intro for ISACA Richmond Chapter

Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoTuan Phan
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkTuan Phan
 
New Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsNew Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsSkoda Minotti
 
C2M2 V2.1 Self-Evaluation Workshop Kickoff.pptx
C2M2 V2.1 Self-Evaluation Workshop Kickoff.pptxC2M2 V2.1 Self-Evaluation Workshop Kickoff.pptx
C2M2 V2.1 Self-Evaluation Workshop Kickoff.pptxssusere84743
 
cybersecurity_framework_webinar_2017.pptx
cybersecurity_framework_webinar_2017.pptxcybersecurity_framework_webinar_2017.pptx
cybersecurity_framework_webinar_2017.pptxMuhammadAbdullah311866
 
EUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPEUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPScott Baron
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001PECB
 
framework_update_report-yer20170301.pptx
framework_update_report-yer20170301.pptxframework_update_report-yer20170301.pptx
framework_update_report-yer20170301.pptxMuhammadAbdullah311866
 
Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Manuel Guillen
 
Control Standards for Information Security
Control Standards for Information SecurityControl Standards for Information Security
Control Standards for Information SecurityJohnHPazEMCPMPITIL5G
 
Building Your Information Security Program: Frameworks & Metrics
Building Your Information Security Program: Frameworks & MetricsBuilding Your Information Security Program: Frameworks & Metrics
Building Your Information Security Program: Frameworks & MetricsRob Arnold
 
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Ulf Mattsson
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA Information Security
 
Vulnerability Management Whitepaper PowerPoint Presentation Slides
Vulnerability Management Whitepaper PowerPoint Presentation SlidesVulnerability Management Whitepaper PowerPoint Presentation Slides
Vulnerability Management Whitepaper PowerPoint Presentation SlidesSlideTeam
 

Semelhante a NIST Cybersecurity Framework Intro for ISACA Richmond Chapter (20)

Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quantico
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity Framework
 
2 Day MOSTI Workshop
2 Day MOSTI Workshop2 Day MOSTI Workshop
2 Day MOSTI Workshop
 
New Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsNew Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law Requirements
 
C2M2 V2.1 Self-Evaluation Workshop Kickoff.pptx
C2M2 V2.1 Self-Evaluation Workshop Kickoff.pptxC2M2 V2.1 Self-Evaluation Workshop Kickoff.pptx
C2M2 V2.1 Self-Evaluation Workshop Kickoff.pptx
 
cybersecurity_framework_webinar_2017.pptx
cybersecurity_framework_webinar_2017.pptxcybersecurity_framework_webinar_2017.pptx
cybersecurity_framework_webinar_2017.pptx
 
EUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPEUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIP
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
 
framework_update_report-yer20170301.pptx
framework_update_report-yer20170301.pptxframework_update_report-yer20170301.pptx
framework_update_report-yer20170301.pptx
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020
 
Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...
Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...
Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...
 
Control Standards for Information Security
Control Standards for Information SecurityControl Standards for Information Security
Control Standards for Information Security
 
Building Your Information Security Program: Frameworks & Metrics
Building Your Information Security Program: Frameworks & MetricsBuilding Your Information Security Program: Frameworks & Metrics
Building Your Information Security Program: Frameworks & Metrics
 
SOC for Cybersecurity Overview
SOC for Cybersecurity OverviewSOC for Cybersecurity Overview
SOC for Cybersecurity Overview
 
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
 
Robert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government ContractorsRobert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government Contractors
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshop
 
Cybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdfCybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdf
 
Vulnerability Management Whitepaper PowerPoint Presentation Slides
Vulnerability Management Whitepaper PowerPoint Presentation SlidesVulnerability Management Whitepaper PowerPoint Presentation Slides
Vulnerability Management Whitepaper PowerPoint Presentation Slides
 

Mais de Tuan Phan

TrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTuan Phan
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTuan Phan
 
TrustedAgent and Defense Industrial Base (DIB)
TrustedAgent and Defense Industrial Base (DIB)TrustedAgent and Defense Industrial Base (DIB)
TrustedAgent and Defense Industrial Base (DIB)Tuan Phan
 
TrustedAgent FedRAMP Security Authorization
TrustedAgent FedRAMP Security AuthorizationTrustedAgent FedRAMP Security Authorization
TrustedAgent FedRAMP Security AuthorizationTuan Phan
 
Fed ramp agency_implementation_webinar
Fed ramp agency_implementation_webinarFed ramp agency_implementation_webinar
Fed ramp agency_implementation_webinarTuan Phan
 
Guide to understanding_fed_ramp_042213
Guide to understanding_fed_ramp_042213Guide to understanding_fed_ramp_042213
Guide to understanding_fed_ramp_042213Tuan Phan
 
Building an Effective GRC Process with TrustedAgent GRC
Building an Effective GRC Process with TrustedAgent GRCBuilding an Effective GRC Process with TrustedAgent GRC
Building an Effective GRC Process with TrustedAgent GRCTuan Phan
 
Key Points of FISMA Reforms of 2013
Key Points of FISMA Reforms of 2013Key Points of FISMA Reforms of 2013
Key Points of FISMA Reforms of 2013Tuan Phan
 
Guide to understanding_fed_ramp_032513
Guide to understanding_fed_ramp_032513Guide to understanding_fed_ramp_032513
Guide to understanding_fed_ramp_032513Tuan Phan
 
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.final
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.finalMarch 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.final
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.finalTuan Phan
 
Getting started on fed ramp sec auth for csp
Getting started on fed ramp sec auth for cspGetting started on fed ramp sec auth for csp
Getting started on fed ramp sec auth for cspTuan Phan
 
Fedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slidesFedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slidesTuan Phan
 
Continuous monitoring strategy_guide_072712
Continuous monitoring strategy_guide_072712Continuous monitoring strategy_guide_072712
Continuous monitoring strategy_guide_072712Tuan Phan
 
Conops v1.1 07162012_508
Conops v1.1 07162012_508Conops v1.1 07162012_508
Conops v1.1 07162012_508Tuan Phan
 
Completing fedramp-security-authorization-process
Completing fedramp-security-authorization-processCompleting fedramp-security-authorization-process
Completing fedramp-security-authorization-processTuan Phan
 

Mais de Tuan Phan (15)

TrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability Management
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public Sector
 
TrustedAgent and Defense Industrial Base (DIB)
TrustedAgent and Defense Industrial Base (DIB)TrustedAgent and Defense Industrial Base (DIB)
TrustedAgent and Defense Industrial Base (DIB)
 
TrustedAgent FedRAMP Security Authorization
TrustedAgent FedRAMP Security AuthorizationTrustedAgent FedRAMP Security Authorization
TrustedAgent FedRAMP Security Authorization
 
Fed ramp agency_implementation_webinar
Fed ramp agency_implementation_webinarFed ramp agency_implementation_webinar
Fed ramp agency_implementation_webinar
 
Guide to understanding_fed_ramp_042213
Guide to understanding_fed_ramp_042213Guide to understanding_fed_ramp_042213
Guide to understanding_fed_ramp_042213
 
Building an Effective GRC Process with TrustedAgent GRC
Building an Effective GRC Process with TrustedAgent GRCBuilding an Effective GRC Process with TrustedAgent GRC
Building an Effective GRC Process with TrustedAgent GRC
 
Key Points of FISMA Reforms of 2013
Key Points of FISMA Reforms of 2013Key Points of FISMA Reforms of 2013
Key Points of FISMA Reforms of 2013
 
Guide to understanding_fed_ramp_032513
Guide to understanding_fed_ramp_032513Guide to understanding_fed_ramp_032513
Guide to understanding_fed_ramp_032513
 
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.final
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.finalMarch 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.final
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.final
 
Getting started on fed ramp sec auth for csp
Getting started on fed ramp sec auth for cspGetting started on fed ramp sec auth for csp
Getting started on fed ramp sec auth for csp
 
Fedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slidesFedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slides
 
Continuous monitoring strategy_guide_072712
Continuous monitoring strategy_guide_072712Continuous monitoring strategy_guide_072712
Continuous monitoring strategy_guide_072712
 
Conops v1.1 07162012_508
Conops v1.1 07162012_508Conops v1.1 07162012_508
Conops v1.1 07162012_508
 
Completing fedramp-security-authorization-process
Completing fedramp-security-authorization-processCompleting fedramp-security-authorization-process
Completing fedramp-security-authorization-process
 

Último

What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney
 

Último (20)

What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
 

NIST Cybersecurity Framework Intro for ISACA Richmond Chapter

  • 1. NIST Cybersecurity Framework Tuan Phan Trusted Integration, Inc. February 2014
  • 2. Introducing Trusted Integration, Inc. • • • • • 2 Alexandria-based small business, founded in 2001 Core focus on creating adaptive, scalable, and cost-effective Governance, Risk & Compliance (GRC) Solutions. Privately-held Profitable Deep relationships with Security, Risk and Technology Communities:
  • 3. The Leading Brand for Government GRC • 2013 Golden Bridge Technology Recipient for: – Gold Award for Government Compliance Solution – Silver Award for Governance, Risk and Compliance Solution • 3 Several Government Agencies and Commercial Enterprises depend on TrustedAgent GRC.
  • 4. What is Cybersecurity Framework • Voluntary risk-management approach • Guidance to manage cybersecurity risk • Encourage organizations to consider cybersecurity risk and their impact on the organization similar to: – Financial risk – Operational risk – Safety risk • Does not displace or substitute for governing regulations applicable to the organizations: – – – – 4 HIPAA-HITECH NERC CIP PCI DSS FFIEC
  • 5. What is Cybersecurity Framework (cont’d) • Collaborative in nature: – – – – 5 Incorporating over 2,700 comments since original RFI. From EO 13636 until preliminary framework took over 8 months Major road shows for NIST covering 5 major locations across US When release, the final framework will have taken over a year to develop.
  • 6. Goals of the Framework • Adaptable, flexible, and scalable • Improve organization’s readiness for managing cybersecurity risk • Actionable across the enterprise • Flexible, repeatable and performance-based • Cost-effective • Leverage standards, methodologies and processes • Promote technology innovation • Focus on outcomes 6
  • 7. Applicability • Critical infrastructure (CI) community – Owners – Operators • Covers 16 critical infrastructure sectors: Raise your hand if your sector is not listed 7
  • 8. Key Parts of the Framework Core Profile 8 Implementation Tiers
  • 9. Framework Core • • • • Details cybersecurity activities and key references. Not intended to be a checklist. Normalizes activities to commonly used standards and guidelines. Has four elements:  Functions: High-level cybersecurity activities to be developed, prioritized, and implemented.  Categories: Groups of cybersecurity outcomes  Subcategories: Further decomposed the activities within Categories  Information References: Illustrative standards, guidelines and practices 9 Functions Categories Subcategories Informative References IDENTIFY Institutional understanding to manage cybersecurity risk PROTECT Safeguards to ensure delivery of CI services DETECT Identify the occurrences of a cybersecurity event. RESPOND Take action (address) a detected cybersecurity event RECOVER Restore impaired capabilities or CI services from a cybersecurity event
  • 11. Framework Implementation Tiers • • • Describe the maturity of the organization with regard to management of cybersecurity activities No indication of how Implementation Tiers link to specified activities beyond the maturity model. Possibly… • a ‘future’ mechanism to evaluate performance for possible incentives? • Minimum performance expectations established by quasi-oversight agencies such as NERC. External Participation Integrated Program Risk Management Process Tier 1 – Partial Tier 2 – Risk-Informed Tier 3 – Risk-Informed and Repeatable Tier 4 – Adaptive Tier 1 11 Tier 2 Tier 3 Tier 4
  • 12. Mapping to Risk Management Framework IDENTIFY PROTECT DETECT RESPOND RECOVER 12
  • 14. Mapping to ISO 27001 IDENTIFY PROTECT DETECT RESPOND RECOVER 14
  • 15. Categories: Asset Management (ID.AM) SUBCATEGORY POSSIBLE ACTIVITIES ID.AM-1: Physical devices and systems within the organization are inventoried • Inventory of systems and key applications are documented. ID.AM-2: Software platforms and applications within the organization are inventoried • Hardware, software, and devices are documented against the inventories. ID.AM-3: The organizational communication and data flow is mapped • • • Data flows Architecture diagrams Boundary diagrams ID.AM-4: External information systems are mapped and catalogued • • Interconnections Cloud systems ID.AM-5: Resources are prioritized based on the classification / criticality / business value of hardware, devices, data, and software • Type of inventory (MA, GSS, vendor, program, data center) Sensitivity classification Security categorization ID.AM-6: Workforce roles and responsibilities for business functions, including cybersecurity, are established • 15 • • • Key points of contact are defined and assigned to inventories. POCs address key roles within organization.
  • 16. Categories: Business Environment (ID.BE) SUBCATEGORY POSSIBLE ACTIVITIES ID.BE-1: The organization’s role in the supply chain and is identified and communicated • A participant in any of 16 CI sectors? ID.BE-2: The organization’s place in critical infrastructure and their industry ecosystem is identified and communicated • Articulate in organization’s mission and objectives by management, BoD, and organizational staff. Reflect in annual training of employees ID.BE-3: Priorities for organizational mission, objectives, and activities are established • Organization’s CI objectives cascade to individual annual objectives/goals ID.BE-4: Dependencies and critical functions for delivery of critical services are established • • • Identified SLAs or MOUs for interconnections Cloud deployment models Cloud service models ID.BE-5: Resilience requirements to support delivery of critical services are established • FMEA/FTA/HAZOP or any other criticality assessments performed to determine weaknesses within the supply of the critical services 16 •
  • 17. Categories: Governance (ID.GV) SUBCATEGORY POSSIBLE ACTIVITIES ID.GV-1: Organizational information security policy is established • Established policies and procedures supporting CI and management of cybersecurity. ID.GV-2: Information security roles & responsibility are coordinated and aligned • Established POCs for inventories that address the key security roles. ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed • • Identified governing regulations, and standards Policies and procedures reference applicable regulations, or standards ID.GV-4: Governance and risk management processes address cybersecurity risks • Use of risk management approach that is adopted and place into practice by BOD and senior management. 17
  • 18. Categories: Risk Assessment (ID.RA) SUBCATEGORY POSSIBLE ACTIVITIES ID.RA-1: Asset vulnerabilities are identified and documented • Use of vulnerability assessment tools and map findings from tools to impacted assets. ID.RA-2: Threat and vulnerability information is received from information sharing forums and sources. • • Use of NIST NVD, ISACs Subscribe through vulnerability assessment tools ID.RA-3: Threats to organizational assets are identified and documented • Use of risk assessment per NIST 800-30 and standardized threat vectors ID.RA-4: Potential impacts are analyzed • • Likelihood and impact levels are determined Assigned risk levels to identified findings ID.RA-5: Risk responses are identified. • Findings include recommended mitigation actions 18
  • 19. Categories: Risk Management (ID.RM) SUBCATEGORY POSSIBLE ACTIVITIES ID.RM-1: Risk management processes are managed and agreed to • Risk management methodology is clearly defined as part of the CI or IS program. ID.RM-2: Organizational risk tolerance is determined and clearly expressed • Risk appetite/tolerance is defined. ID.RM-3: The organization’s determination of risk tolerance is informed by their role in critical infrastructure and sector specific risk analysis • Risk tolerance must be comparable to the sector. 19
  • 20. Categories: Access Control (PR.AC) SUBCATEGORY POSSIBLE ACTIVITIES PR.AC-1: Identities and credentials are managed for authorized devices and users • Users are uniquely identified and authenticated before granting access to resources. PR.AC-2: Physical access to resources is managed and secured • Use of physical security, locks, gates, guards, and perhaps dogs! PR.AC-3: Remote access is managed • Remote access requires additional security measures including more complex passwords with shorten validity period. Multi-factor authentication • PR.AC-4: Access permissions are managed • User access is reviewed, authorized, based on approved role, before granting access. PR.AC-5: Network integrity is protected • Information flow enforcement is place. 20
  • 21. Categories: Awareness and Training (PR.AT) SUBCATEGORY PR.AT-1: General users are informed and trained PR.AT-2: Privileged users understand roles & responsibilities PR.AT-3: Third-party stakeholders (suppliers, customers, partners) understand roles & responsibilities PR.AT-4: Senior executives understand roles & responsibilities PR.AT-5: Physical and information security personnel understand roles & responsibilities 21 POSSIBLE ACTIVITIES • • • Users are trained based on their roles and responsibilities within the organization. Training covers everyone! Vendors, suppliers, and other third-party providers acknowledge their roles and responsibilities through contracts.
  • 22. Categories: Data Security (PR.DS) SUBCATEGORY POSSIBLE ACTIVITIES PR.DS-1: Data-at-rest is protected • Use of data encryption, firewalls, filtering routers, etc. PR.DS-2: Data-in-motion is secured • Communication paths are protected using physical and logical means (SSL, encryption) PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition • Assets are updated from inventories when they are no longer in use. • Use of boundary protection mechanisms. • Assets are updated from inventories when they are no longer in use. Inventories are updated when they disposed (endof-life). PR.DS-4: Adequate capacity to ensure availability is maintained. PR.DS-5: There is protection against data leaks PR.DS-6: Intellectual property is protected PR.DS-7: Unnecessary assets are eliminated • PR.DS-8: Separate testing environments are used in system development • Use of DEV and VAL environments separately from PROD environment PR.DS-9: Privacy of individuals and personally identifiable information (PII) is protected 22 • Use of recommended privacy controls
  • 23. Categories: Information Protection Processes and Procedures (PR.IP) SUBCATEGORY POSSIBLE ACTIVITIES PR.IP-1: A baseline configuration of information technology/operational technology systems is created • Use of security configuration baseline for computing assets (FDCC) PR.IP-2: A System Development Life Cycle to manage systems is implemented • Inventories must contain appropriate SDLC status. PR.IP-3: Configuration change control processes are in place • • CM policies and procedures are in place. Configuration changes are tracked. PR.IP-4: Backups of information are managed • Data backup/archive policies and procedures addressing both onsite and offsite storage. PR.IP-5: Policy and regulations regarding the physical operating environment for organizational assets are met. • Assortments of physical and environment controls are implemented for inventories. Reference NIST PE family. PR.IP-6: Information is destroyed according to policy and requirements • Policies and procedures manage destruction of information including archives on data backups. 23
  • 24. Categories: Information Protection Processes and Procedures (PR.IP) SUBCATEGORY POSSIBLE ACTIVITIES PR.IP-7: Protection processes are continuously improved PR.IP-8: Information sharing occurs with appropriate parties PR.IP-9: Response plans (Business Continuity Plan(s), Disaster Recovery Plan(s), Incident Handling Plan(s)) are in place and managed • Formal use of BCP and ITCP PR.IP-10: Response plans are exercised • Plans are tested on periodic basis PR.IP-11: Cybersecurity is included in human resources practices (de-provisioning, personnel screening, etc.) • Management of staff and key personnel access to IT resources accordingly to role changes and termination. 24
  • 25. Categories: Maintenance (PR.MA) SUBCATEGORY POSSIBLE ACTIVITIES PR.MA-1: Maintenance and repair of organizational assets is performed and logged in a timely manner, with approved and controlled tools • • • PR.MA-2: Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access and supports availability requirements for important operational and information systems. • • 25 • Frequency of maintenance is defined Use of maintenance notifications Document of organization’s facilitated maintenance activities/logs Document of vendor-provided maintenance activities Automated audit trails Readily available for reviews and reports
  • 26. Categories: Protective Technology (PR.PT) SUBCATEGORY POSSIBLE ACTIVITIES PR.PT-1: Audit and log records are stored in accordance with audit policy • Audit trails, at the minimum, should contain previous state, current state, by whom, and when. PR.PT-2: Removable media are protected according to a specified policy • Safeguards of data backup tapes or removable media. PR.PT-3: Access to systems and assets is appropriately controlled • • • Access is reviewed and authorized. Use of physical and logic access controls to org assets. Access is monitored. PR.PT-4: Communications networks are secured • Wireless access is managed PR.PT-5: Specialized systems are protected according to the risk analysis (SCADA, ICS, DCS) • Depth of protections must be comparable to the type of control systems. 26
  • 27. Categories: Anomalies and Events (DE.AE) SUBCATEGORY POSSIBLE ACTIVITIES DE.AE-1: A baseline of normal operations and procedures is identified and managed • DE.AE-2: Detected events are analyzed to understand attack targets and methods • DE.AE-3: Cybersecurity data are correlated from diverse information sources DE.AE-4: Impact of potential cybersecurity events is determined. DE.AE-5: Incident alert thresholds are created 27 • • • Inventories are subjected to monitoring as part of an enterprise-wide continuous monitoring program. Monitoring takes place on IT systems both internal and external. Incidents are reported and managed. Notifications are employed where appropriate. Impact levels including any regulatory reporting are defined (i.e. HIPAA breach requirements, PII) Issues are tracked until fully remedied as part of a corrective action management.
  • 28. Categories: Security Continuous Monitoring (DE.CM) SUBCATEGORY POSSIBLE ACTIVITIES DE.CM-1: The network is monitored to detect potential cybersecurity events • • Use of IDS and IPS Notifications of suspicious activities DE.CM-2: The physical environment is monitored to detect potential cybersecurity events • Cameras, ground/remote sensors, alarms DE.CM-3: Personnel activity is monitored to detect potential cybersecurity events • Access logs are reviewed for pattern of miss-use of unauthorized or repeated failed accesses. DE.CM-4: Malicious code is detected • • Use of anti-virus and anti-spyware on computing devices. Staff are trained on what to do in case of detection. DE.CM-5: Unauthorized mobile code is detected • Control of user environment - FDCC DE.CM-6: External service providers are monitored • Access of non-organizational users should be verified/monitored based on roles, risk profile and frequency. DE.CM-7: Unauthorized resources are monitored • Logs should be inspected for attempted access to unauthorized resources. DE.CM-8: Vulnerability assessments are performed • Network scans, pen testing are periodically performed. Frequency and depth should be comparable to cybersecurity risk of the sector • 28
  • 29. Categories: Detection Processes (DE.DP) SUBCATEGORY DE.DP-1: Roles and responsibilities for detection are well defined to ensure accountability POSSIBLE ACTIVITIES • • DE.DP-2: Detection activities comply with all applicable requirements, including those related to privacy and civil liberties POCs are defined for the incident response/BCP and inventories. Inventories may subject to the requirements of conformity assessment, privacy review, or security authorization processes. DE.DP-3: Detection processes are exercised to ensure readiness • Applicable controls are tested for the inventories to ensure effectiveness. DE.DP-4: Event detection information is communicated to appropriate parties • Notifications are sent to response DE.DP-5: Detection processes are continuously improved • Use of automation detection technologies including SIEM, IDS, IPS, etc. 29
  • 30. Categories: Response Planning (RS.PL) SUBCATEGORY RS.PL-1: Response plan is implemented during or after an event. 30 POSSIBLE ACTIVITIES • Incident response process is in place within threshold of incident reporting as established by the organization.
  • 31. Categories: Communications (RS.CO) SUBCATEGORY POSSIBLE ACTIVITIES RS.CO-1: Personnel know their roles and order of operations when a response is needed • Annual training on incident response and BCP RS.CO-2: Events are reported consistent with established criteria • Thresholds of initial reviews, notifications (internal) and external notifications should be clearly defined along with the oversight required to ensure their practices are consistent to governing regulations. RS.CO-3: Detection/response information, such as breach reporting requirements, is shared consistent with response plans, including those related to privacy and civil liberties • If incidents involved PII or PHI, privacy personnel should be included. Where applicable, depending on size, reports on PII and PHI breach also go to HHS. • RS.CO-4: Coordination with stakeholders occurs consistent with response plans, including those related to privacy and civil liberties RS.CO-5: Voluntary coordination occurs with external stakeholders (ex, business partners, information sharing and analysis centers, customers) 31 • Communication is encouraged, not required.
  • 32. Categories: Analysis (RS.AN) SUBCATEGORY POSSIBLE ACTIVITIES RS.AN-1: Notifications from the detection system are investigated • Incident/issue reported must be investigated. RS.AN-2: Understand the impact of the incident • Risk analysis to be taken to determine if incident exceeds the risk tolerance defined for the organization requiring additional actions or violates any regulatory requirements. RS.AN-3: Forensics are performed • Some incidents may require extended forensic reviews including logs, file reconstructions, file and offsite backups, etc. RS.AN-4: Incidents are classified consistent with response plans • Incident management must follow defined policies and procedures, and is according to established thresholds. 32
  • 33. Categories: Mitigation (RS.MI) SUBCATEGORY RS.MI-1: Incidents are contained POSSIBLE ACTIVITIES • • RS.MI-2: Incidents are eradicated • 33 Mechanisms to track incidents/issues Mechanisms to identify activities to contain the incidents. Need to be able to formulate corrective action plan and related milestones and assign them to various owners. Mechanisms to gain visibility to outstanding CAs/issues and their remediation plan
  • 34. Categories: Improvements (RS.IM) SUBCATEGORY POSSIBLE ACTIVITIES RS.IM-1: Response plans incorporate lessons learned • • • Use of lessons learned. Policies and procedures are periodically updated. Incorporated into annual training RS.IM-2: Response strategies are updated • Incident response strategies reflect current P&P. 34
  • 35. Categories: Recovery Planning (RS.RP) SUBCATEGORY RC.RP-1: Recovery plan is executed 35 POSSIBLE ACTIVITIES • Recovery processes are tested and maintained.
  • 36. Categories: Improvements (RC.IM) SUBCATEGORY POSSIBLE ACTIVITIES RC.IM-1: Plans are updated with lessons learned • RC.IM-2: Recovery strategy is updated • 36 • BCP and incident response plan are updated on a regular basis. Personnel contact updates Changes in technology and practices as well as supporting infrastructure impact recovery strategies.
  • 37. Categories: Communications (RC.CO) SUBCATEGORY RC.CO-1: Public Relations are managed POSSIBLE ACTIVITIES • • RC.CO-2: Reputation after an event is repaired 37 • Breach notification according to governing regulations to regulatory bodies Prompt notifications to impacted consumers. Credit monitoring offer for one year for impacted people in PII or credit cards (Target, Michaels)
  • 38. What to Expect in Version 1.0 • • • • v1.0 of the Cybersecurity Framework to be released on Feb 13. Privacy framework may be removed from the final version. Framework’s voluntary language may shift to ‘adoption’ Additional guidance may forth coming on: – Use of profiles and implementation tiers – Areas for improvements: • • • • • • • Authentication Indicator sharing Conformity assessment Cybersecurity workforce Data analytics International and privacy standards Supply chain management • Framework will, at some point, transition into non-government organization. 38
  • 39. Conclusion • Foundational framework for cybersecurity management flexible to support any organization: – – – – Applicable to many industries Size or organization Scalable Maturity • Offer choices of standards to assess, evaluate and monitor progress: – NIST – COBIT – ISA 39
  • 41. Contact Information Tuan Phan Trusted Integration, Inc. 525 Wythe Street Alexandria, VA 22314 Office: 703-299-9171 ext. 103 tuanp@trustedintegration.com twitter @TrustedAgentGRC www.trustedintegration.com 41