© Life Cycle Institute
Cybersecurity Risk Management Framework Strategy
for Defense Platform Systems Workshop

Cybersecurity ensures information technology systems are available, reliable and secure

Cybersecurity is…
• Software and hardware based
• Technical and non-technical
• Based on information from NSA, DoD, DISA and DoN

Participants will learn how to:
• Explain the context of cybersecurity in Defense Platform IT (PIT) systems
• Summarize how to apply the NIST Risk Management Framework to Defense Platform IT (PIT) systems
• Estimate requirements and resources to address cybersecurity compliance in their organization/infrastructure

Cybersecurity Risk Management Framework Strategy for Defense Platform Systems Workshop
• 1-day workshop
• .7 Continuing education units (CEUs)
• Private: Workshops may be tailored to your specific needs and delivered at your site.

Who Should Attend
• Individuals and teams responsible for the application of Risk Management Framework
• People with funding authority for security. For example:
– DoD Program Managers
– Technical Managers
– Technical Directors
– Requirements Officers
– IT Managers

Review the Five Functions of Cybersecurity
• Identify
• Protect
• Detect
• Respond
• Recover

Platform Information Technology (PIT)
The PIT process is a modified form of the DIACAP process. Differences include:
• Signature approval cycle - the Certification Authority (CA - SPAWAR 05) is not involved in the PIT signature chain
• Information Assurance Controls (IACs) are less restrictive than in DIACAP
PIT Training
• Because the PIT process is so similar to DIACAP, there is no separate training available.
– DON-CIO PIT Policy of Feb 2010 applies until RMF transition.
• Upon transition to RMF, PIT will be treated the same as any other IT system.
PIT Structures
• Aboard or on a platform
• Standalone
• Interconnection to other platform IT
• Interconnection to other non-platform IT
Computer resources that are physically part of, dedicated to, or essential in real time to the mission performance of special-purpose systems

Risk Management Framework (RMF)
• Replaces DIACAP
• 6-step process
– aligns to DIACAP phases
Categorize
Select
Implement
Assess
Authorize
Monitor

RMF vs. DIACAP

RMF: Security requirements and standards uniquely determined by each system. More granular than DIACAP. PIT is included.
DIACAP: All systems inherit enterprise standards and requirements. PIT systems have a separate process.

RMF: Validator is a qualified, resourced, and permanent member of the CIO staff
DIACAP: Validator is a qualified, resourced, and permanent member of the CIO staff

RMF: 6 Steps (analogous to phases)
DIACAP: 5 pre-defined phases. Each system works to a plan that aligns to the system life-cycle

RMF: Accreditation status communicated via letter and status code (IATO, ATO) in EMASS
DIACAP: Accreditation status communicated by assigned IA controls' compliance ratings and letter and status code (ATO, IATO, ATT) in DIACAP Scorecard

RMF: Automated tools, enterprise managed KS, requirements tied to architecture
DIACAP: Automated tools, enterprise managed KS, requirements tied to architecture

RMF: ATO means security risk is at an acceptable level to support mission and live data
DIACAP: ATO means security risk is at an acceptable level to support mission and live data

RMF: Continuous asynchronous monitoring; reaccreditation TBD; reviewed annually, FISMA reporting
DIACAP: Continuous asynchronous monitoring; reaccreditation every 3-4 years; reviewed annually, FISMA reporting

Learn to apply RMF
• Identify cyber threats
• Assign control strategies
• Analyze the cost and benefits of secure designs

Reasons to Choose the Life Cycle Institute
• Extensive cybersecurity experience within DoD and commercial sector
• We provide vulnerability scanning, penetration testing, risk analysis and remediation services
• Our engineers are qualified mentors for industry-leading security trainers
• An active learning experience
• Learning by doing vs. lecture
• Group activities, assessments, case studies
• Network with peers
• Develop action plans to drive results post-training

Education@LCE.com
www.LCE.com
800-556-9589
The Life Cycle Institute is the learning, leadership and change management practice at Life Cycle Engineering.

 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 

Cybersecurity Risk Management Framework Strategy Workshop

  • 1. © Life Cycle Institute. Cybersecurity Risk Management Framework Strategy for Defense Platform Systems Workshop
  • 2. Cybersecurity ensures information technology systems are available, reliable and secure. Cybersecurity is… Software and hardware based. Technical and non-technical. Based on information from NSA, DoD, DISA and DoN.
  • 3. Participants will learn how to: Explain the context of cybersecurity in Defense Platform IT (PIT) systems. Summarize how to apply the NIST Risk Management Framework to Defense Platform IT (PIT) systems. Estimate requirements and resources to address cybersecurity compliance in their organization/infrastructure.
  • 4. Cybersecurity Risk Management Framework Strategy for Defense Platform Systems Workshop. 1-day workshop. .7 Continuing education units (CEUs). Private: Workshops may be tailored to your specific needs and delivered at your site.
  • 5. Who Should Attend: Individuals and teams responsible for the application of Risk Management Framework. People with funding authority for security. For example: DoD Program Managers, Technical Managers, Technical Directors, Requirements Officers, IT Managers.
  • 6. Review the Five Functions of Cybersecurity: Identify, Protect, Detect, Respond, Recover
  • 7. Platform Information Technology (PIT). PIT process is a modified form of the DIACAP process. Differences include: Signature approval cycle - the Certification Authority (CA - SPAWAR 05) is not involved in the PIT signature chain. Information Assurance Controls (IACs) are less restrictive than in DIACAP. PIT Training: Because the PIT process is so similar to DIACAP, there is no separate training available. DON-CIO PIT Policy of Feb 2010 applies until RMF transition. Upon transition to RMF, PIT will be treated the same as any other IT system. Aboard or on a platform. Standalone. Interconnection to other platform IT. Interconnection to other non-platform IT. PIT Structures. Computer resources that are physically part of, dedicated to, or essential in real time to the mission performance of special-purpose systems.
  • 8. Risk Management Framework (RMF). Replaces DIACAP. 6-step process, aligns to DIACAP phases. Categorize, Select, Implement, Assess, Authorize, Monitor.
  • 9. RMF vs. DIACAP
    – RMF: Security requirements and standards uniquely determined by each system. More granular than DIACAP. PIT is included. | DIACAP: All systems inherit enterprise standards and requirements. PIT systems have a separate process.
    – RMF: Validator is a qualified, resourced, and permanent member of the CIO staff | DIACAP: Validator is a qualified, resourced, and permanent member of the CIO staff
    – RMF: 6 Steps (analogous to phases) | DIACAP: 5 pre-defined phases. Each system works to a plan that aligns to the system life-cycle
    – RMF: Accreditation status communicated via letter and status code (IATO, ATO) in EMASS | DIACAP: Accreditation status communicated by assigned IA controls' compliance ratings and letter and status code (ATO, IATO, ATT) in DIACAP Scorecard
    – RMF: Automated tools, enterprise managed KS, requirements tied to architecture | DIACAP: Automated tools, enterprise managed KS, requirements tied to architecture
    – RMF: ATO means security risk is at an acceptable level to support mission and live data | DIACAP: ATO means security risk is at an acceptable level to support mission and live data
    – RMF: Continuous asynchronous monitoring; reaccreditation TBD; reviewed annually, FISMA reporting | DIACAP: Continuous asynchronous monitoring; reaccreditation every 3-4 years; reviewed annually, FISMA reporting
  • 10. Learn to apply RMF: Identify cyber threats. Assign control strategies. Analyze the cost and benefits of secure designs.
  • 11. Reasons to Choose the Life Cycle Institute: Extensive cybersecurity experience within DoD and commercial sector. We provide vulnerability scanning, penetration testing, risk analysis and remediation services. Our engineers are qualified mentors for industry-leading security trainers. An active learning experience: Learning by doing vs. lecture. Group activities, assessments, case studies. Network with peers. Develop action plans to drive results post-training.
  • 12. Education@LCE.com, www.LCE.com, 800-556-9589. The Life Cycle Institute is the learning, leadership and change management practice at Life Cycle Engineering.

Editor's notes

  1. Identify, Protect, Detect, Respond, Recover