SlideShare uma empresa Scribd logo

Keynote Session : NIST - Cyber Security Framework Measuring Security

Transferir como PPTX, PDF
Priyanka Aash
Priyanka Aash

What is the NIST Cybersecurity Framework? Why YOU should care? How would I apply it? How would I measure my effectiveness?

Tecnologia
1 de 21
Critical Security Framework MEASURING Security Dick Bussiere | Technical Director | Asia Pacific
Turbo Agenda  Whatisthe NISTCybersecurityFramework?  Why YOUshould care?  How wouldIapplyit?  How wouldImeasuremy effectiveness?
Things to Ponder  205 Days until breach detected (APAC Average)?  Can you say with certainty that you are100% Secure?  Do you knowwith certainty that you haveNOT beenbreached?
Heard on the street… Of organizations believesecurity should be a top orhigh priority of the business Of CEO’s viewsecurity as a top orhigh priority to the business Of organizationscompletely agree that the businesshasthe ability to defend itself from securityattacks
IF YOU CAN’T MEASUREYOU CAN’T CONTROL
IF YOU CAN’T MEASUREYOU CAN’T IMPROVE
Communication Gap? Executive: • Brand & Reputation of Business • Ongoing Business Operations • Risk to Customers IT Team: • Is riskat anacceptable level? • What level of risk arewe exposed to? • Arewe compliant with all the regulations that apply to us? • Is thecybersecurityplatform operating as well as it should be? • Whereshould wespend additional money?
The Survey Says… Security Frameworks guide the way… • 84% Leverage a security framework • Broad range of company sizes Wide Range of Frameworks Utilized • 44% used more than one framework • EOY 2016 - CSF (43%), CIS (44%) ISO (44%) Best practice & requirements drive CSF adoption • 70% adopted CSF because they consider it best practice • 29% adopted CSF because a partner required it Security Framework Adoption is a Journey • Only 1 in 5 rank their organization as very mature • More than half of CSF adopters require significant investment to fully conform Survey conducted by Dimensional Research, March 2016 316 IT and Security Professionals interviewed in US
Why Cyber Security Framework?  Asksthe question“whatareyoudoing toimprove” ratherthan“did youimplement controlXYZ”  Results in a shiftfrom compliance to actionand specificoutcomes  Businessoriented  Has built-inmaturitymodel andgap analysis  No need to overlay another maturity modelon top of CSF  Measureswhereyou areand whereyou need to go  Can be implemented“piecemeal”as required,makingit moreappealing to business
 Repeatable  Flexible  TechnologyNeutral  CostEffective  Measurable!  CommonLanguage WhyCyber Security Framework?
Objectives of CSF in a nutshell Describe Current Security Posture Describe TargetSecurity Posture Continuous Improvement AssessProgress towards Target Posture CommunicateRisk
A Frameworkof Frameworks ISO/IEC27001 CCSCSC1 ISA62443 NISTSP 800-53 COBIT 5 NISTCYBERSECURITY FRAMEWORK 5in 1!
Framework Profile (Where you are and where you want to go) Framework Implementation Tiers (How you view cybersecurity) CSF Core (What it does) •Defines (measures) current state •Defines (measures) desired state •Tiers (4) that show how cybersecurity risks and processes are viewed within an organization •Required Tier based on perceived risk/benefit analysis •Identify •Protect •Detect •Restore •Recover The Cyber Security Framework at 40,000 feet…
CSF Component 1 – FrameworkCore Framework Core Identify Detect RespondRecover Protect
Structure Microsoft Excel Worksheet
Risk Profile, Requirements & Resources ISO/IEC 27001 NIST Cybersecurity Framework CIS Critical Security Controls ISA 62443 “Normalization Layer” Use CSF to “Normalize to Common Language Existing Frameworks
CSF Component 2 – FrameworkImplementation Tiers Partial Risk Informed Repeatable Adaptable  How cybersecurity risks and processes are viewed within organization Sophistication
CSF Component 3 – FrameworkProfile  Presents overview of present and future cybersecurity posture  BusinessRequirements  RiskTolerance  Resources  Usedtodefine currentstate and desired state  Canhelp measure progress...
How is CSF Different?  Expresses cybersecurity activities in a common language  Leverages existing standards –does not reinvent the wheel –can map existing processes/guidelines into CSF  Provides crucial guidance for reinforcing security controls while maintaining a focus on business objectives  Provides a vehicle to effectively measurecybersecurityeffectiveness independent of existing framework
Endpoint Assessment Network Monitoring Analytics Event Monitoring Ingredients to Measuring Compliance
Thank You Dick Bussiere | Technical Director | Asia Pacific

Recomendados

Security Maturity Models.
Security Maturity Models.Security Maturity Models.
Security Maturity Models.Priyanka Aash
 
Keynote Session : The Non - Evolution of Security
Keynote Session : The Non - Evolution of SecurityKeynote Session : The Non - Evolution of Security
Keynote Session : The Non - Evolution of SecurityPriyanka Aash
 
Security architecture frameworks
Security architecture frameworksSecurity architecture frameworks
Security architecture frameworksJohn Arnold
 
WHY SOC Services needed?
WHY SOC Services needed?WHY SOC Services needed?
WHY SOC Services needed?manoharparakh
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
NISTs Cybersecurity Framework -- Comparison with Best Practice
NISTs Cybersecurity Framework -- Comparison with Best PracticeNISTs Cybersecurity Framework -- Comparison with Best Practice
NISTs Cybersecurity Framework -- Comparison with Best PracticeDavid Ochel
 
OWASP based Threat Modeling Framework
OWASP based Threat Modeling FrameworkOWASP based Threat Modeling Framework
OWASP based Threat Modeling FrameworkChaitanya Bhatt
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 

Recomendados

Security Maturity Models.
Security Maturity Models.Security Maturity Models.
Security Maturity Models.Priyanka Aash
 
Keynote Session : The Non - Evolution of Security
Keynote Session : The Non - Evolution of SecurityKeynote Session : The Non - Evolution of Security
Keynote Session : The Non - Evolution of SecurityPriyanka Aash
 
Security architecture frameworks
Security architecture frameworksSecurity architecture frameworks
Security architecture frameworksJohn Arnold
 
WHY SOC Services needed?
WHY SOC Services needed?WHY SOC Services needed?
WHY SOC Services needed?manoharparakh
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
NISTs Cybersecurity Framework -- Comparison with Best Practice
NISTs Cybersecurity Framework -- Comparison with Best PracticeNISTs Cybersecurity Framework -- Comparison with Best Practice
NISTs Cybersecurity Framework -- Comparison with Best PracticeDavid Ochel
 
OWASP based Threat Modeling Framework
OWASP based Threat Modeling FrameworkOWASP based Threat Modeling Framework
OWASP based Threat Modeling FrameworkChaitanya Bhatt
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Priyanka Aash
 
Intel Presentation from NIST Cybersecurity Framework Workshop 6
Intel Presentation from NIST Cybersecurity Framework Workshop 6Intel Presentation from NIST Cybersecurity Framework Workshop 6
Intel Presentation from NIST Cybersecurity Framework Workshop 6Phil Agcaoili
 
Security architecture analyses brief 21 april 2015
Security architecture analyses brief 21 april 2015Security architecture analyses brief 21 april 2015
Security architecture analyses brief 21 april 2015Bill Ross
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
Security services mind map
Security services mind mapSecurity services mind map
Security services mind mapDavid Kennedy
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply Chain
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply ChainSFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply Chain
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply ChainSouth Tyrol Free Software Conference
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
The real cost of a cheap security operations center
The real cost of a cheap security operations centerThe real cost of a cheap security operations center
The real cost of a cheap security operations centerCyberhat
 
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy Allen Baranov
 
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj Purandare ☁
 
The NIST Cybersecurity Framework
The NIST Cybersecurity FrameworkThe NIST Cybersecurity Framework
The NIST Cybersecurity FrameworkEMMAIntl
 
IT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALIT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALCYBER SENSE
 
CHIME Lead Forum - Seattle 2015
CHIME Lead Forum - Seattle 2015CHIME Lead Forum - Seattle 2015
CHIME Lead Forum - Seattle 2015Health IT Conference – iHT2
 
How to Use the NIST CSF to Recover from a Healthcare Breach
How to Use the NIST CSF to Recover from a Healthcare Breach How to Use the NIST CSF to Recover from a Healthcare Breach
How to Use the NIST CSF to Recover from a Healthcare Breach Symantec
 
Security Maturity Assessment
Security Maturity AssessmentSecurity Maturity Assessment
Security Maturity AssessmentClaude Baudoin
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guideAdilsonSuende
 
Security Proposal for High Profile/Government Individual
Security Proposal for High Profile/Government IndividualSecurity Proposal for High Profile/Government Individual
Security Proposal for High Profile/Government IndividualDayo Olujekun
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Priyanka Aash
 
Keynote Session : Internet Of Things (IOT) Security Taskforce
Keynote Session : Internet Of Things (IOT) Security TaskforceKeynote Session : Internet Of Things (IOT) Security Taskforce
Keynote Session : Internet Of Things (IOT) Security TaskforcePriyanka Aash
 

Mais conteúdo relacionado

Mais procurados

The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Priyanka Aash
 
Intel Presentation from NIST Cybersecurity Framework Workshop 6
Intel Presentation from NIST Cybersecurity Framework Workshop 6Intel Presentation from NIST Cybersecurity Framework Workshop 6
Intel Presentation from NIST Cybersecurity Framework Workshop 6Phil Agcaoili
 
Security architecture analyses brief 21 april 2015
Security architecture analyses brief 21 april 2015Security architecture analyses brief 21 april 2015
Security architecture analyses brief 21 april 2015Bill Ross
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
Security services mind map
Security services mind mapSecurity services mind map
Security services mind mapDavid Kennedy
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply Chain
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply ChainSFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply Chain
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply ChainSouth Tyrol Free Software Conference
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
The real cost of a cheap security operations center
The real cost of a cheap security operations centerThe real cost of a cheap security operations center
The real cost of a cheap security operations centerCyberhat
 
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy Allen Baranov
 
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj Purandare ☁
 
The NIST Cybersecurity Framework
The NIST Cybersecurity FrameworkThe NIST Cybersecurity Framework
The NIST Cybersecurity FrameworkEMMAIntl
 
IT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALIT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALCYBER SENSE
 
How to Use the NIST CSF to Recover from a Healthcare Breach
How to Use the NIST CSF to Recover from a Healthcare Breach How to Use the NIST CSF to Recover from a Healthcare Breach
How to Use the NIST CSF to Recover from a Healthcare Breach Symantec
 
Security Maturity Assessment
Security Maturity AssessmentSecurity Maturity Assessment
Security Maturity AssessmentClaude Baudoin
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guideAdilsonSuende
 
Security Proposal for High Profile/Government Individual
Security Proposal for High Profile/Government IndividualSecurity Proposal for High Profile/Government Individual
Security Proposal for High Profile/Government IndividualDayo Olujekun
 

Mais procurados (20)

The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
 
Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES
 
Intel Presentation from NIST Cybersecurity Framework Workshop 6
Intel Presentation from NIST Cybersecurity Framework Workshop 6Intel Presentation from NIST Cybersecurity Framework Workshop 6
Intel Presentation from NIST Cybersecurity Framework Workshop 6
 
Security architecture analyses brief 21 april 2015
Security architecture analyses brief 21 april 2015Security architecture analyses brief 21 april 2015
Security architecture analyses brief 21 april 2015
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...
 
Security services mind map
Security services mind mapSecurity services mind map
Security services mind map
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply Chain
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply ChainSFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply Chain
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply Chain
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
 
The real cost of a cheap security operations center
The real cost of a cheap security operations centerThe real cost of a cheap security operations center
The real cost of a cheap security operations center
 
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
 
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
 
The NIST Cybersecurity Framework
The NIST Cybersecurity FrameworkThe NIST Cybersecurity Framework
The NIST Cybersecurity Framework
 
IT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALIT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSAL
 
CHIME Lead Forum - Seattle 2015
CHIME Lead Forum - Seattle 2015CHIME Lead Forum - Seattle 2015
CHIME Lead Forum - Seattle 2015
 
How to Use the NIST CSF to Recover from a Healthcare Breach
How to Use the NIST CSF to Recover from a Healthcare Breach How to Use the NIST CSF to Recover from a Healthcare Breach
How to Use the NIST CSF to Recover from a Healthcare Breach
 
Security Maturity Assessment
Security Maturity AssessmentSecurity Maturity Assessment
Security Maturity Assessment
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guide
 
Security Proposal for High Profile/Government Individual
Security Proposal for High Profile/Government IndividualSecurity Proposal for High Profile/Government Individual
Security Proposal for High Profile/Government Individual
 

Destaque

Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Priyanka Aash
 
Keynote Session : Internet Of Things (IOT) Security Taskforce
Keynote Session : Internet Of Things (IOT) Security TaskforceKeynote Session : Internet Of Things (IOT) Security Taskforce
Keynote Session : Internet Of Things (IOT) Security TaskforcePriyanka Aash
 
Network Forensics and Practical Packet Analysis
Network Forensics and Practical Packet AnalysisNetwork Forensics and Practical Packet Analysis
Network Forensics and Practical Packet AnalysisPriyanka Aash
 
Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies Priyanka Aash
 
Risk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security ControlsRisk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security ControlsPriyanka Aash
 
Keynote Session : Using Behavioral Psychology and Science of Habit to Change ...
Keynote Session : Using Behavioral Psychology and Science of Habit to Change ...Keynote Session : Using Behavioral Psychology and Science of Habit to Change ...
Keynote Session : Using Behavioral Psychology and Science of Habit to Change ...Priyanka Aash
 
Keynote Session : Emerging Healthcare Tech & Future Security Impact
Keynote Session : Emerging Healthcare Tech & Future Security ImpactKeynote Session : Emerging Healthcare Tech & Future Security Impact
Keynote Session : Emerging Healthcare Tech & Future Security ImpactPriyanka Aash
 
Keynote Session : Kill The Password
Keynote Session : Kill The PasswordKeynote Session : Kill The Password
Keynote Session : Kill The PasswordPriyanka Aash
 
SOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCSOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCPriyanka Aash
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Priyanka Aash
 
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDefcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwarePriyanka Aash
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliPriyanka Aash
 
Workshop on Endpoint Memory Forensics
Workshop on Endpoint Memory ForensicsWorkshop on Endpoint Memory Forensics
Workshop on Endpoint Memory ForensicsPriyanka Aash
 
Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingPriyanka Aash
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitecturePriyanka Aash
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
Сравнение хакеров Ирана, Китая и Северной Кореи
Сравнение хакеров Ирана, Китая и Северной КореиСравнение хакеров Ирана, Китая и Северной Кореи
Сравнение хакеров Ирана, Китая и Северной КореиPositive Hack Days
 
Defcon 22-richard-klafter-and-eric-swanson-check-your-finger
Defcon 22-richard-klafter-and-eric-swanson-check-your-fingerDefcon 22-richard-klafter-and-eric-swanson-check-your-finger
Defcon 22-richard-klafter-and-eric-swanson-check-your-fingerPriyanka Aash
 
Defcon 22-weston-hecker-burner-phone-ddos
Defcon 22-weston-hecker-burner-phone-ddosDefcon 22-weston-hecker-burner-phone-ddos
Defcon 22-weston-hecker-burner-phone-ddosPriyanka Aash
 
Defcon 22-graham-mc millan-tentler-masscaning-the-internet
Defcon 22-graham-mc millan-tentler-masscaning-the-internetDefcon 22-graham-mc millan-tentler-masscaning-the-internet
Defcon 22-graham-mc millan-tentler-masscaning-the-internetPriyanka Aash
 

Destaque (20)

Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
 
Keynote Session : Internet Of Things (IOT) Security Taskforce
Keynote Session : Internet Of Things (IOT) Security TaskforceKeynote Session : Internet Of Things (IOT) Security Taskforce
Keynote Session : Internet Of Things (IOT) Security Taskforce
 
Network Forensics and Practical Packet Analysis
Network Forensics and Practical Packet AnalysisNetwork Forensics and Practical Packet Analysis
Network Forensics and Practical Packet Analysis
 
Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies
 
Risk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security ControlsRisk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security Controls
 
Keynote Session : Using Behavioral Psychology and Science of Habit to Change ...
Keynote Session : Using Behavioral Psychology and Science of Habit to Change ...Keynote Session : Using Behavioral Psychology and Science of Habit to Change ...
Keynote Session : Using Behavioral Psychology and Science of Habit to Change ...
 
Keynote Session : Emerging Healthcare Tech & Future Security Impact
Keynote Session : Emerging Healthcare Tech & Future Security ImpactKeynote Session : Emerging Healthcare Tech & Future Security Impact
Keynote Session : Emerging Healthcare Tech & Future Security Impact
 
Keynote Session : Kill The Password
Keynote Session : Kill The PasswordKeynote Session : Kill The Password
Keynote Session : Kill The Password
 
SOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCSOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOC
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
 
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDefcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
 
Workshop on Endpoint Memory Forensics
Workshop on Endpoint Memory ForensicsWorkshop on Endpoint Memory Forensics
Workshop on Endpoint Memory Forensics
 
Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat Modelling
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
Сравнение хакеров Ирана, Китая и Северной Кореи
Сравнение хакеров Ирана, Китая и Северной КореиСравнение хакеров Ирана, Китая и Северной Кореи
Сравнение хакеров Ирана, Китая и Северной Кореи
 
Defcon 22-richard-klafter-and-eric-swanson-check-your-finger
Defcon 22-richard-klafter-and-eric-swanson-check-your-fingerDefcon 22-richard-klafter-and-eric-swanson-check-your-finger
Defcon 22-richard-klafter-and-eric-swanson-check-your-finger
 
Defcon 22-weston-hecker-burner-phone-ddos
Defcon 22-weston-hecker-burner-phone-ddosDefcon 22-weston-hecker-burner-phone-ddos
Defcon 22-weston-hecker-burner-phone-ddos
 
Defcon 22-graham-mc millan-tentler-masscaning-the-internet
Defcon 22-graham-mc millan-tentler-masscaning-the-internetDefcon 22-graham-mc millan-tentler-masscaning-the-internet
Defcon 22-graham-mc millan-tentler-masscaning-the-internet
 

Semelhante a Keynote Session : NIST - Cyber Security Framework Measuring Security

NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) Priyanka Aash
 
Simplifying Security for Cloud Adoption - Defining your game plan
Simplifying Security for Cloud Adoption - Defining your game planSimplifying Security for Cloud Adoption - Defining your game plan
Simplifying Security for Cloud Adoption - Defining your game planSecurestorm
 
10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITY10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITYRazorpoint Security
 
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...EC-Council
 
Getting Executive Support for a Software Security Program
Getting Executive Support for a Software Security ProgramGetting Executive Support for a Software Security Program
Getting Executive Support for a Software Security ProgramCigital
 
Agile Relevance in the age of Continuous Everything ....
Agile Relevance in the age of Continuous Everything ....Agile Relevance in the age of Continuous Everything ....
Agile Relevance in the age of Continuous Everything ....Eturnti Consulting Pvt Ltd
 
Credit Union Cyber Security
Credit Union Cyber SecurityCredit Union Cyber Security
Credit Union Cyber SecurityStacy Willis
 
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020Brian Levine
 
Selling Infosec to the CSuite
Selling Infosec to the CSuiteSelling Infosec to the CSuite
Selling Infosec to the CSuiteDave R. Taylor
 
Infocon Bangladesh 2016
Infocon Bangladesh 2016Infocon Bangladesh 2016
Infocon Bangladesh 2016Prime Infoserv
 
2006 issa journal-organizingand-managingforsuccess
2006 issa journal-organizingand-managingforsuccess2006 issa journal-organizingand-managingforsuccess
2006 issa journal-organizingand-managingforsuccessasundaram1
 
Cyber-Security Certifications
Cyber-Security CertificationsCyber-Security Certifications
Cyber-Security CertificationsNithin Sai
 
2021 BSides Tampa Cyber Security Careers
2021 BSides Tampa Cyber Security Careers2021 BSides Tampa Cyber Security Careers
2021 BSides Tampa Cyber Security CareersScott Stanton
 
Operation: Next Summit Takeaways
Operation: Next Summit TakeawaysOperation: Next Summit Takeaways
Operation: Next Summit Takeawaysaccenture
 
InfoSec: Evolve Thyself to Keep Pace in the Age of DevOps
InfoSec: Evolve Thyself to Keep Pace in the Age of DevOpsInfoSec: Evolve Thyself to Keep Pace in the Age of DevOps
InfoSec: Evolve Thyself to Keep Pace in the Age of DevOpsVMware Tanzu
 
Michael Hordych: Cybersecurity, Software Engineering & Supply Chain в Україні...
Michael Hordych: Cybersecurity, Software Engineering & Supply Chain в Україні...Michael Hordych: Cybersecurity, Software Engineering & Supply Chain в Україні...
Michael Hordych: Cybersecurity, Software Engineering & Supply Chain в Україні...Lviv Startup Club
 
Shift Left Security: Development Does Not Want to Own It.
Shift Left Security: Development Does Not Want to Own It.Shift Left Security: Development Does Not Want to Own It.
Shift Left Security: Development Does Not Want to Own It.Aggregage
 
ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015Shannon Lietz
 

Semelhante a Keynote Session : NIST - Cyber Security Framework Measuring Security (20)

NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF)
 
Simplifying Security for Cloud Adoption - Defining your game plan
Simplifying Security for Cloud Adoption - Defining your game planSimplifying Security for Cloud Adoption - Defining your game plan
Simplifying Security for Cloud Adoption - Defining your game plan
 
10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITY10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITY
 
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
 
Getting Executive Support for a Software Security Program
Getting Executive Support for a Software Security ProgramGetting Executive Support for a Software Security Program
Getting Executive Support for a Software Security Program
 
Agile Relevance in the age of Continuous Everything ....
Agile Relevance in the age of Continuous Everything ....Agile Relevance in the age of Continuous Everything ....
Agile Relevance in the age of Continuous Everything ....
 
Under Defense
Under DefenseUnder Defense
Under Defense
 
Credit Union Cyber Security
Credit Union Cyber SecurityCredit Union Cyber Security
Credit Union Cyber Security
 
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
 
Selling Infosec to the CSuite
Selling Infosec to the CSuiteSelling Infosec to the CSuite
Selling Infosec to the CSuite
 
Why physical security just isn’t enough, Sending the heavies into virtualized...
Why physical security just isn’t enough, Sending the heavies into virtualized...Why physical security just isn’t enough, Sending the heavies into virtualized...
Why physical security just isn’t enough, Sending the heavies into virtualized...
 
Infocon Bangladesh 2016
Infocon Bangladesh 2016Infocon Bangladesh 2016
Infocon Bangladesh 2016
 
2006 issa journal-organizingand-managingforsuccess
2006 issa journal-organizingand-managingforsuccess2006 issa journal-organizingand-managingforsuccess
2006 issa journal-organizingand-managingforsuccess
 
Cyber-Security Certifications
Cyber-Security CertificationsCyber-Security Certifications
Cyber-Security Certifications
 
2021 BSides Tampa Cyber Security Careers
2021 BSides Tampa Cyber Security Careers2021 BSides Tampa Cyber Security Careers
2021 BSides Tampa Cyber Security Careers
 
Operation: Next Summit Takeaways
Operation: Next Summit TakeawaysOperation: Next Summit Takeaways
Operation: Next Summit Takeaways
 
InfoSec: Evolve Thyself to Keep Pace in the Age of DevOps
InfoSec: Evolve Thyself to Keep Pace in the Age of DevOpsInfoSec: Evolve Thyself to Keep Pace in the Age of DevOps
InfoSec: Evolve Thyself to Keep Pace in the Age of DevOps
 
Michael Hordych: Cybersecurity, Software Engineering & Supply Chain в Україні...
Michael Hordych: Cybersecurity, Software Engineering & Supply Chain в Україні...Michael Hordych: Cybersecurity, Software Engineering & Supply Chain в Україні...
Michael Hordych: Cybersecurity, Software Engineering & Supply Chain в Україні...
 
Shift Left Security: Development Does Not Want to Own It.
Shift Left Security: Development Does Not Want to Own It.Shift Left Security: Development Does Not Want to Own It.
Shift Left Security: Development Does Not Want to Own It.
 
ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015
 

Mais de Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfPriyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfPriyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfPriyanka Aash
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdfPriyanka Aash
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfPriyanka Aash
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfPriyanka Aash
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfPriyanka Aash
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldPriyanka Aash
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksPriyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 

Mais de Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Último

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 

Último (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

Keynote Session : NIST - Cyber Security Framework Measuring Security

  • 1. Critical Security Framework MEASURING Security Dick Bussiere | Technical Director | Asia Pacific
  • 2. Turbo Agenda  Whatisthe NISTCybersecurityFramework?  Why YOUshould care?  How wouldIapplyit?  How wouldImeasuremy effectiveness?
  • 3. Things to Ponder  205 Days until breach detected (APAC Average)?  Can you say with certainty that you are100% Secure?  Do you knowwith certainty that you haveNOT beenbreached?
  • 4. Heard on the street… Of organizations believesecurity should be a top orhigh priority of the business Of CEO’s viewsecurity as a top orhigh priority to the business Of organizationscompletely agree that the businesshasthe ability to defend itself from securityattacks
  • 5. IF YOU CAN’T MEASUREYOU CAN’T CONTROL
  • 6. IF YOU CAN’T MEASUREYOU CAN’T IMPROVE
  • 7. Communication Gap? Executive: • Brand & Reputation of Business • Ongoing Business Operations • Risk to Customers IT Team: • Is riskat anacceptable level? • What level of risk arewe exposed to? • Arewe compliant with all the regulations that apply to us? • Is thecybersecurityplatform operating as well as it should be? • Whereshould wespend additional money?
  • 8. The Survey Says… Security Frameworks guide the way… • 84% Leverage a security framework • Broad range of company sizes Wide Range of Frameworks Utilized • 44% used more than one framework • EOY 2016 - CSF (43%), CIS (44%) ISO (44%) Best practice & requirements drive CSF adoption • 70% adopted CSF because they consider it best practice • 29% adopted CSF because a partner required it Security Framework Adoption is a Journey • Only 1 in 5 rank their organization as very mature • More than half of CSF adopters require significant investment to fully conform Survey conducted by Dimensional Research, March 2016 316 IT and Security Professionals interviewed in US
  • 9. Why Cyber Security Framework?  Asksthe question“whatareyoudoing toimprove” ratherthan“did youimplement controlXYZ”  Results in a shiftfrom compliance to actionand specificoutcomes  Businessoriented  Has built-inmaturitymodel andgap analysis  No need to overlay another maturity modelon top of CSF  Measureswhereyou areand whereyou need to go  Can be implemented“piecemeal”as required,makingit moreappealing to business
  • 10.  Repeatable  Flexible  TechnologyNeutral  CostEffective  Measurable!  CommonLanguage WhyCyber Security Framework?
  • 11. Objectives of CSF in a nutshell Describe Current Security Posture Describe TargetSecurity Posture Continuous Improvement AssessProgress towards Target Posture CommunicateRisk
  • 12. A Frameworkof Frameworks ISO/IEC27001 CCSCSC1 ISA62443 NISTSP 800-53 COBIT 5 NISTCYBERSECURITY FRAMEWORK 5in 1!
  • 13. Framework Profile (Where you are and where you want to go) Framework Implementation Tiers (How you view cybersecurity) CSF Core (What it does) •Defines (measures) current state •Defines (measures) desired state •Tiers (4) that show how cybersecurity risks and processes are viewed within an organization •Required Tier based on perceived risk/benefit analysis •Identify •Protect •Detect •Restore •Recover The Cyber Security Framework at 40,000 feet…
  • 14. CSF Component 1 – FrameworkCore Framework Core Identify Detect RespondRecover Protect
  • 16. Risk Profile, Requirements & Resources ISO/IEC 27001 NIST Cybersecurity Framework CIS Critical Security Controls ISA 62443 “Normalization Layer” Use CSF to “Normalize to Common Language Existing Frameworks
  • 17. CSF Component 2 – FrameworkImplementation Tiers Partial Risk Informed Repeatable Adaptable  How cybersecurity risks and processes are viewed within organization Sophistication
  • 18. CSF Component 3 – FrameworkProfile  Presents overview of present and future cybersecurity posture  BusinessRequirements  RiskTolerance  Resources  Usedtodefine currentstate and desired state  Canhelp measure progress...
  • 19. How is CSF Different?  Expresses cybersecurity activities in a common language  Leverages existing standards –does not reinvent the wheel –can map existing processes/guidelines into CSF  Provides crucial guidance for reinforcing security controls while maintaining a focus on business objectives  Provides a vehicle to effectively measurecybersecurityeffectiveness independent of existing framework
  • 21. Thank You Dick Bussiere | Technical Director | Asia Pacific

Notas do Editor

  1. Framework of frameworks – Leverages many different standards at the same time.
  2. Identify Understand what’s important to the business and what the risks are Protect Develop safeguards to ensure CIA Detect Find bad things Respond What you do when bad things happen Recover How to restore what the bad guys broke Defines set of activities that achieve specific cybersecurity outcomes Functions define 5 basic cybersecurity activities: Identify, Protect, Detect, Respond, Recover Closely align with existing methodologies for Incident Management Categories subdivide functions into program needs and activities: Examples: Asset Management, Event Detection, Access Control Subcategories divide category into specific management or technical activities Examples: Data in transit is protected, Malware is detected Informative References are specific standards, guidelines, practices, etc Maps into existing frameworks
  3. Four Tiers that show how cybersecurity risks and processes are viewed within an organization Required Tier based on perceived risk/benefit analysis Tier 1 – Partial Tier 2 – Risk Informed Tier 3 – Repeatable Tier 4 - Adaptive Tier 1: Processes not formalized, risk managed ad-hoc and reactive. Cybersecurity activities not related to organizational risk objectives, threats, business requirements, etc Tier 2: Risk management practices approved by management but not organizational wide policy. Cybersecurity activities related to organizations risk objectives, threat environment. Tier 3: Risk management practices are formal policies. Cybersecurity practices updated continuously based on changing business requirements and risks. Tier 4: Organization changes cybersecurity practices based on lessons learned and predictive indicators from previous and current cybersecurity activities. Through a process of continuous improvement incorporating advanced cybersecurity technologies and practices, the organization actively adapts to a changing cybersecurity landscape and responds to evolving and sophisticated threats in a timely manner.