SlideShare uma empresa Scribd logo
1 de 5
Baixar para ler offline
January 2017 page 1
The NIST Cybersecurity Framework
Adopting the NIST Cybersecurity Framework can help any organization improve its
cyber readiness. Organizations that already have a security program based on
regulatory compliance requirements such as HIPAA and SOX or industry standards
such as PCI-DSS and ISO 27001 can use the framework to measure and
communicate the current effectiveness of implemented policies and processes
addressing cybersecurity risks. Organizations with no formal security program can
leverage the framework as a road map to identify business security needs and take
necessary steps to address cybersecurity risks to their data, operations, systems, and
employees.
Background
The framework is a result of a 2013 Presidential Executive Order titled
“Improving Critical Infrastructure Cybersecurity” which called for the
development of a voluntary risk-based cybersecurity framework based on
industry standards and best practices to help private sector organizations
manage cybersecurity risks. Faced with the growing tide of cyber attacks against
private businesses and organizations in industry sectors such as energy, financial
services, and healthcare, which are critical to our economy, national security,
and very way of life, this order was an attempt to help these organizations defend
against cybersecurity threats without creating additional regulatory burdens.
The resulting framework, released in 2014 after ten months of collaboration
between government and private sector security experts, creates a common
language to address and manage cybersecurity risk in a cost-effective manner
based on business needs.
Benefits of adopting the Framework
There are four key benefits an organization can realize by adopting the NIST
Cybersecurity Framework:
 Harmonize cybersecurity approaches and provide a common language for
discussing cybersecurity risks within and across organizations and industries.
 Establish the right level of security for an organization based on business
needs.
 Inform cybersecurity budget planning based in risk prioritization.
January 2017
page 2
 Communicate cybersecurity risk comprehensively to senior leadership.
Framework Components
The framework consists of three primary components: Core, Implementation Tiers,
and Profile.
The Core provides a set of activities, outcomes, and informative references providing
the detailed guidance for developing individual organizational risk management
profiles. It consists of five concurrent and continuous functions which provide a high
level, strategic view of the lifecycle of an organization’s management of
cybersecurity risk.
 Identify – Develop the organizational understanding to manage cybersecurity
risk to systems, assets, data, and capabilities.
 Protect – Develop and implement the appropriate safeguards to ensure delivery
of critical infrastructure services.
 Detect – Develop and implement the appropriate activities to identify the
occurrence of a cybersecurity event.
 Respond – Develop and implement the appropriate activities to take action
regarding a detected cybersecurity event.
 Recover – Develop and implement the appropriate activities to maintain plans
for resilience and to restore any capabilities or services that were impaired due to
a cybersecurity event.
January 2017
page 3
The Implementation Tiers provide context on how an organization views
cybersecurity risk and processes in place to manage that risk. Tiers describes the
degree to which an organization’s cybersecurity risk management practices exhibit
the characteristics defined in the framework.
 Tier 1 (Partial) – Risks are managed in an ad hoc manner with limited
awareness of risks.
 Tier 2 (Risk Informed) – Risk management processes and program are in
place but are not integrated enterprise-wide.
 Tier 3 (Repeatable) – Formal policies for risk management processes and
program are in place enterprise-wide.
 Tier 4 (Adaptive) – Risk management processes and programs are based on
lessons and predictive indicators derived from previous and current
cybersecurity activities.
The Profile component represents cybersecurity outcomes based on business needs
that an organization has selected from Core function categories. Profiles can be used
to identify gaps and opportunities for improving an organization’s cybersecurity risk
management posture by creating a “Current” Profile which represents the current
organization risk management posture based on implemented policies, processing,
and controls and a “Target” Profile which represents the desired posture based on
business needs. Gaps between the current and target profiles establish the baseline for
implementation of the framework and improving an organization’s cybersecurity
readiness.
January 2017
page 4
Bottom Line - And Next Steps
The first step to improving organizational cyber readiness is an initial “fitness”
assessment based on the framework. NIST has provided access to all framework
related information including a Reference Tool to help organizations looking to
implement the framework on their website.
Organizations that need help implementing the framework or want to learn more
about its benefits can visit the MCGlobalTech CyberRx Risk Intelligence Solution
which automates the framework and helps organizations determine their
cybersecurity risk exposure and the potential financial impact of a successful data
breach.
Source: https://www.nist.gov/cyberframework
January 2017
page 5
About William McBorrough
William J. McBorrough is an Information Assurance and Cyber Security leader
with an extensive background managing, designing, and implementing
medium and large enterprise physical and information technology security
solutions and programs. Mr. McBorrough is Co-Founder and Managing
Principal at MCGlobalTech, a Washington, DC-based Information Security
Management Consulting firm where he helps clients in the public and private
sectors build Risk-Focused Security Programs. Mr. McBorrough has served on
the faculty of various universities including University of Maryland University College, EC-Council
University, George Mason University and Northern Virginia Community College where he has
conducted research and taught graduate and undergraduate courses relating to cybersecurity,
cybercrime, cyberterrorism, and information security and assurance. He is a Certified Information
Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in
Risk Information System Control (CRISC), Certified Ethical Hacker (CEH) and HITRUST Certified
Common Security Framework Practitioner (CCSFP).

Mais conteúdo relacionado

Mais procurados

Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security program
William Godwin
 
Cyber Security Risk Management
Cyber Security Risk ManagementCyber Security Risk Management
Cyber Security Risk Management
Shaun Sloan
 
Information Systems Security & Strategy
Information Systems Security & StrategyInformation Systems Security & Strategy
Information Systems Security & Strategy
Tony Hauxwell
 

Mais procurados (19)

Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security program
 
Cyber Security Risk Management
Cyber Security Risk ManagementCyber Security Risk Management
Cyber Security Risk Management
 
CISSPills #3.05
CISSPills #3.05CISSPills #3.05
CISSPills #3.05
 
Information Systems Security & Strategy
Information Systems Security & StrategyInformation Systems Security & Strategy
Information Systems Security & Strategy
 
So you want to be a CISO - 5 steps to Success
So you want to be a CISO - 5 steps to SuccessSo you want to be a CISO - 5 steps to Success
So you want to be a CISO - 5 steps to Success
 
CISO-Fundamentals
CISO-FundamentalsCISO-Fundamentals
CISO-Fundamentals
 
Simplifying Security for Cloud Adoption - Defining your game plan
Simplifying Security for Cloud Adoption - Defining your game planSimplifying Security for Cloud Adoption - Defining your game plan
Simplifying Security for Cloud Adoption - Defining your game plan
 
Transforming Expectations for Treat-Intelligence Sharing
Transforming Expectations for Treat-Intelligence SharingTransforming Expectations for Treat-Intelligence Sharing
Transforming Expectations for Treat-Intelligence Sharing
 
ORX cyber and information security risk (CISR) initiative overview, July 2019
ORX cyber and information security risk (CISR) initiative overview, July 2019ORX cyber and information security risk (CISR) initiative overview, July 2019
ORX cyber and information security risk (CISR) initiative overview, July 2019
 
Information Security Management System: Emerging Issues and Prospect
Information Security Management System: Emerging Issues and ProspectInformation Security Management System: Emerging Issues and Prospect
Information Security Management System: Emerging Issues and Prospect
 
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
 
2010 Sc World Congress Nyc
2010 Sc World Congress Nyc2010 Sc World Congress Nyc
2010 Sc World Congress Nyc
 
Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessments
 
Information Security - Back to Basics - Own Your Vulnerabilities
Information Security - Back to Basics - Own Your VulnerabilitiesInformation Security - Back to Basics - Own Your Vulnerabilities
Information Security - Back to Basics - Own Your Vulnerabilities
 
Archer Users Group / Southern Risk Council 2016 Enterprise Risk Management an...
Archer Users Group / Southern Risk Council 2016 Enterprise Risk Management an...Archer Users Group / Southern Risk Council 2016 Enterprise Risk Management an...
Archer Users Group / Southern Risk Council 2016 Enterprise Risk Management an...
 
Week 1&2 intro_ v2-upload
Week 1&2 intro_ v2-uploadWeek 1&2 intro_ v2-upload
Week 1&2 intro_ v2-upload
 
CCA study group
CCA study groupCCA study group
CCA study group
 
Aligning to the NIST Cybersecurity Framework in the AWS
Aligning to the NIST Cybersecurity Framework in the AWSAligning to the NIST Cybersecurity Framework in the AWS
Aligning to the NIST Cybersecurity Framework in the AWS
 
Information Security Governance: Concepts, Security Management & Metrics
Information Security Governance: Concepts, Security Management & MetricsInformation Security Governance: Concepts, Security Management & Metrics
Information Security Governance: Concepts, Security Management & Metrics
 

Semelhante a Improving Cyber Readiness with the NIST Cybersecurity Framework

Project 7 - Organization Security PlanChoose an organization fro.docx
Project 7 - Organization Security PlanChoose an organization fro.docxProject 7 - Organization Security PlanChoose an organization fro.docx
Project 7 - Organization Security PlanChoose an organization fro.docx
anitramcroberts
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guide
Sergey Erohin
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guide
Sergey Erohin
 
NIST to CSF to ISO or EC 27002 2022 with NIST
NIST to CSF to ISO or EC 27002 2022 with NISTNIST to CSF to ISO or EC 27002 2022 with NIST
NIST to CSF to ISO or EC 27002 2022 with NIST
ebonyman0007
 
Project 7 Organization Security PlanChoose an organization from.docx
Project 7 Organization Security PlanChoose an organization from.docxProject 7 Organization Security PlanChoose an organization from.docx
Project 7 Organization Security PlanChoose an organization from.docx
wkyra78
 
D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T
D e c e m b e r  2 0 1 4  J O U R N A L  O F  I N T E R N E T D e c e m b e r  2 0 1 4  J O U R N A L  O F  I N T E R N E T
D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T
OllieShoresna
 
Meraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldMeraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless world
nooralmousa
 
Integrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessIntegrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-Effectiveness
Ayham Kochaji
 
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE  Walid.docxINTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE  Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
MargenePurnell14
 
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE  Walid.docxINTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE  Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
bagotjesusa
 

Semelhante a Improving Cyber Readiness with the NIST Cybersecurity Framework (20)

Project 7 - Organization Security PlanChoose an organization fro.docx
Project 7 - Organization Security PlanChoose an organization fro.docxProject 7 - Organization Security PlanChoose an organization fro.docx
Project 7 - Organization Security PlanChoose an organization fro.docx
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guide
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guide
 
NIST to CSF to ISO or EC 27002 2022 with NIST
NIST to CSF to ISO or EC 27002 2022 with NISTNIST to CSF to ISO or EC 27002 2022 with NIST
NIST to CSF to ISO or EC 27002 2022 with NIST
 
Project 7 Organization Security PlanChoose an organization from.docx
Project 7 Organization Security PlanChoose an organization from.docxProject 7 Organization Security PlanChoose an organization from.docx
Project 7 Organization Security PlanChoose an organization from.docx
 
CIS20 CSCs+mapping to NIST+ISO.pdf
CIS20 CSCs+mapping to NIST+ISO.pdfCIS20 CSCs+mapping to NIST+ISO.pdf
CIS20 CSCs+mapping to NIST+ISO.pdf
 
D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T
D e c e m b e r  2 0 1 4  J O U R N A L  O F  I N T E R N E T D e c e m b e r  2 0 1 4  J O U R N A L  O F  I N T E R N E T
D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T
 
Ffiec cat may_2017
Ffiec cat may_2017Ffiec cat may_2017
Ffiec cat may_2017
 
Department of Homeland Security Guidance
Department of Homeland Security GuidanceDepartment of Homeland Security Guidance
Department of Homeland Security Guidance
 
DHS Guidelines
DHS GuidelinesDHS Guidelines
DHS Guidelines
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Meraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldMeraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless world
 
ISACA Cybersecurity Audit course brochure
ISACA Cybersecurity Audit course brochureISACA Cybersecurity Audit course brochure
ISACA Cybersecurity Audit course brochure
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworks
 
Integrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessIntegrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-Effectiveness
 
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE  Walid.docxINTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE  Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
 
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE  Walid.docxINTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE  Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
 
Security-Brochure
Security-BrochureSecurity-Brochure
Security-Brochure
 
Security-Brochure
Security-BrochureSecurity-Brochure
Security-Brochure
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 

Mais de William McBorrough

MCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementMCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability Statement
William McBorrough
 
MCGlobalTech Cyber Capability Statement_Final
MCGlobalTech Cyber Capability Statement_FinalMCGlobalTech Cyber Capability Statement_Final
MCGlobalTech Cyber Capability Statement_Final
William McBorrough
 

Mais de William McBorrough (20)

MCGlobalTech CMMC Managed Compliance Service
MCGlobalTech CMMC Managed Compliance ServiceMCGlobalTech CMMC Managed Compliance Service
MCGlobalTech CMMC Managed Compliance Service
 
MCGlobalTech Managed Security Compliance Program
MCGlobalTech Managed Security Compliance ProgramMCGlobalTech Managed Security Compliance Program
MCGlobalTech Managed Security Compliance Program
 
MCGlobalTech Cyber Capability Statement
MCGlobalTech Cyber Capability Statement MCGlobalTech Cyber Capability Statement
MCGlobalTech Cyber Capability Statement
 
Cybersecurity Career Information by Next Gen Cyber
Cybersecurity Career Information by Next Gen CyberCybersecurity Career Information by Next Gen Cyber
Cybersecurity Career Information by Next Gen Cyber
 
MCG Cybersecurity Webinar Series - Risk Management
MCG Cybersecurity Webinar Series - Risk ManagementMCG Cybersecurity Webinar Series - Risk Management
MCG Cybersecurity Webinar Series - Risk Management
 
MCG Cybersecurity Webinar Series - Risk Management
MCG Cybersecurity Webinar Series - Risk ManagementMCG Cybersecurity Webinar Series - Risk Management
MCG Cybersecurity Webinar Series - Risk Management
 
MCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementMCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability Statement
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
MCGlobalTech Enterprise Risk Management Program
MCGlobalTech Enterprise Risk Management ProgramMCGlobalTech Enterprise Risk Management Program
MCGlobalTech Enterprise Risk Management Program
 
MCGlobalTech Cyber Capability Statement_Final
MCGlobalTech Cyber Capability Statement_FinalMCGlobalTech Cyber Capability Statement_Final
MCGlobalTech Cyber Capability Statement_Final
 
MCG_OnePageBrochure_Final
MCG_OnePageBrochure_FinalMCG_OnePageBrochure_Final
MCG_OnePageBrochure_Final
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 
Information Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management FrameworkInformation Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management Framework
 
MCGlobalTech Capability Statement
MCGlobalTech Capability StatementMCGlobalTech Capability Statement
MCGlobalTech Capability Statement
 
Managing Security Risks in Manufacturing
Managing Security Risks in ManufacturingManaging Security Risks in Manufacturing
Managing Security Risks in Manufacturing
 
Cyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial IndustryCyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial Industry
 
Protecting Customer Confidential Information
Protecting Customer Confidential InformationProtecting Customer Confidential Information
Protecting Customer Confidential Information
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
 
No National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law PleaseNo National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law Please
 

Último

Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂EscortCall Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
dlhescort
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
amitlee9823
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Sheetaleventcompany
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
lizamodels9
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
Abortion pills in Kuwait Cytotec pills in Kuwait
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
dollysharma2066
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
allensay1
 

Último (20)

How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂EscortCall Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation Final
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
 
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort ServiceEluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
 
Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 
Business Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)-  A new venture conceptBusiness Model Canvas (BMC)-  A new venture concept
Business Model Canvas (BMC)- A new venture concept
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
 
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
 

Improving Cyber Readiness with the NIST Cybersecurity Framework

  • 1. January 2017 page 1 The NIST Cybersecurity Framework Adopting the NIST Cybersecurity Framework can help any organization improve its cyber readiness. Organizations that already have a security program based on regulatory compliance requirements such as HIPAA and SOX or industry standards such as PCI-DSS and ISO 27001 can use the framework to measure and communicate the current effectiveness of implemented policies and processes addressing cybersecurity risks. Organizations with no formal security program can leverage the framework as a road map to identify business security needs and take necessary steps to address cybersecurity risks to their data, operations, systems, and employees. Background The framework is a result of a 2013 Presidential Executive Order titled “Improving Critical Infrastructure Cybersecurity” which called for the development of a voluntary risk-based cybersecurity framework based on industry standards and best practices to help private sector organizations manage cybersecurity risks. Faced with the growing tide of cyber attacks against private businesses and organizations in industry sectors such as energy, financial services, and healthcare, which are critical to our economy, national security, and very way of life, this order was an attempt to help these organizations defend against cybersecurity threats without creating additional regulatory burdens. The resulting framework, released in 2014 after ten months of collaboration between government and private sector security experts, creates a common language to address and manage cybersecurity risk in a cost-effective manner based on business needs. Benefits of adopting the Framework There are four key benefits an organization can realize by adopting the NIST Cybersecurity Framework:  Harmonize cybersecurity approaches and provide a common language for discussing cybersecurity risks within and across organizations and industries.  Establish the right level of security for an organization based on business needs.  Inform cybersecurity budget planning based in risk prioritization.
  • 2. January 2017 page 2  Communicate cybersecurity risk comprehensively to senior leadership. Framework Components The framework consists of three primary components: Core, Implementation Tiers, and Profile. The Core provides a set of activities, outcomes, and informative references providing the detailed guidance for developing individual organizational risk management profiles. It consists of five concurrent and continuous functions which provide a high level, strategic view of the lifecycle of an organization’s management of cybersecurity risk.  Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.  Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.  Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.  Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.  Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.
  • 3. January 2017 page 3 The Implementation Tiers provide context on how an organization views cybersecurity risk and processes in place to manage that risk. Tiers describes the degree to which an organization’s cybersecurity risk management practices exhibit the characteristics defined in the framework.  Tier 1 (Partial) – Risks are managed in an ad hoc manner with limited awareness of risks.  Tier 2 (Risk Informed) – Risk management processes and program are in place but are not integrated enterprise-wide.  Tier 3 (Repeatable) – Formal policies for risk management processes and program are in place enterprise-wide.  Tier 4 (Adaptive) – Risk management processes and programs are based on lessons and predictive indicators derived from previous and current cybersecurity activities. The Profile component represents cybersecurity outcomes based on business needs that an organization has selected from Core function categories. Profiles can be used to identify gaps and opportunities for improving an organization’s cybersecurity risk management posture by creating a “Current” Profile which represents the current organization risk management posture based on implemented policies, processing, and controls and a “Target” Profile which represents the desired posture based on business needs. Gaps between the current and target profiles establish the baseline for implementation of the framework and improving an organization’s cybersecurity readiness.
  • 4. January 2017 page 4 Bottom Line - And Next Steps The first step to improving organizational cyber readiness is an initial “fitness” assessment based on the framework. NIST has provided access to all framework related information including a Reference Tool to help organizations looking to implement the framework on their website. Organizations that need help implementing the framework or want to learn more about its benefits can visit the MCGlobalTech CyberRx Risk Intelligence Solution which automates the framework and helps organizations determine their cybersecurity risk exposure and the potential financial impact of a successful data breach. Source: https://www.nist.gov/cyberframework
  • 5. January 2017 page 5 About William McBorrough William J. McBorrough is an Information Assurance and Cyber Security leader with an extensive background managing, designing, and implementing medium and large enterprise physical and information technology security solutions and programs. Mr. McBorrough is Co-Founder and Managing Principal at MCGlobalTech, a Washington, DC-based Information Security Management Consulting firm where he helps clients in the public and private sectors build Risk-Focused Security Programs. Mr. McBorrough has served on the faculty of various universities including University of Maryland University College, EC-Council University, George Mason University and Northern Virginia Community College where he has conducted research and taught graduate and undergraduate courses relating to cybersecurity, cybercrime, cyberterrorism, and information security and assurance. He is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk Information System Control (CRISC), Certified Ethical Hacker (CEH) and HITRUST Certified Common Security Framework Practitioner (CCSFP).