SlideShare una empresa de Scribd logo

NIST CSF Overview

Priyanka Aash
Priyanka Aash

To help organizations charged with providing the nation's financial, energy, health care and other critical systems better protect their information and physical assets from cyber attack, the Commerce Department's National Institute of Standards and Technology (NIST) today released a Framework for Improving Critical Infrastructure Cybersecurity. The framework provides a structure that organizations, regulators and customers can use to create, guide, assess or improve comprehensive cybersecurity programs.

Tecnología
1 de 14
NIST CSF CP 100 - Pune
Objectives of CSF in a Nutshell Describe Current Security Posture Describe Target Security Posture Continuous Improvement Assess Progress towards Target Posture Communicate Risk
A framework of Frameworks ISA62443 ISO/IEC 27001 CCS CSC1 NIST SP 800 - 53 COBIT 5 NIST cyber security Framework
Framework Profile (Where you are and where you want to go) Framework Implementation Tiers (How you view cybersecurity) Framework Core (What it does) •Defines (measures) current state •Defines (measures) desired state •Tiers (4) that show how cybersecurity risks and processes are viewed within an organization •Required Tier based on perceived risk/benefit analysis •Identify •Protect •Detect •Restore •Recover High Level overview of the framework
Framework Core Identify Detect RespondRecover Protect The Framework Core
Framework core functions explained.. Identify • Understand what’s important to the business and what the risks are Protect • Develop safeguards to ensure CIA Detect • Find bad things Respond • What you do when bad things happen Recover • How to restore what the bad guys broke
Structure Microsoft Excel Worksheet
Function Unique Identifier Function Category Unique Identifier Category Subcategor y Informative References ID Identify ID.AM-1 Asset Manageme nt Physical devices within the organization are inventoried • CCS- CSC1 • COBIT 5 • ISA- 62443-2- 1:2009 ID.AM-2 Asset Manageme nt Software Platforms and Applications within the organization are inventoried • CCS- CSC1 • COBIT 5 • ISA- 62443-2- 1:2009 Structured example
Framework Implementation Tiers • How cybersecurity risks and processes are viewed within organization Partial Risk Informed Repeatable Adaptable Sophistication
Framework profile • Presents overview of present and future cybersecurity posture – Business Requirements – Risk Tolerance – Resources • Used to define current state and desired state – Can help measure progress...
A Common Language for All Levels Priorities Risk Appetite Budget Framework Profile Implementation Progress Vulnerabilities, Threats, Assets Status, Changes in Risk Executive Level Focus: Organizational risk Actions: Risk Decision/Priority Operations Level Focus: Risk Management Implementation Actions: Secure Infrastructure, Implement Profile Process Level Focus: Risk Management Actions: Select Profile, Allocate Budget
Process Prioritize and Scope Business Objectives Priorities Strategy Orient Related Systems Assets Regulations Risk Assessment Exposure Tolerance Create Current Profile Where you are now Create Target Profile Where you need to be Gap Analysis Delta between Current/Target Action Plan MEASURE
How is NIST CSF Different? • Expresses cybersecurity activities in a common language • Leverages existing standards – does not reinvent the wheel – can map existing processes/guidelines into CSF • Provides crucial guidance for reinforcing security controls while maintaining a focus on business objectives • Provides a vehicle to effectively measure cybersecurity effectiveness independent of existing framework
Thank you

Recomendados

Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterTuan Phan
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy Allen Baranov
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
WHY SOC Services needed?
WHY SOC Services needed?WHY SOC Services needed?
WHY SOC Services needed?manoharparakh
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehReZa AdineH
 

Recomendados

Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterTuan Phan
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy Allen Baranov
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
WHY SOC Services needed?
WHY SOC Services needed?WHY SOC Services needed?
WHY SOC Services needed?manoharparakh
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehReZa AdineH
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture DesignPriyanka Aash
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centersBrencil Kaimba
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
SOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCSOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCPriyanka Aash
 
Security operation center
Security operation centerSecurity operation center
Security operation centerMuthuKumaran267
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 
NIST 800-30 Intro to Conducting Risk Assessments - Part 1
NIST 800-30 Intro to Conducting Risk Assessments - Part 1NIST 800-30 Intro to Conducting Risk Assessments - Part 1
NIST 800-30 Intro to Conducting Risk Assessments - Part 1Denise Tawwab
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
OWASP Top Ten in Practice
OWASP Top Ten in PracticeOWASP Top Ten in Practice
OWASP Top Ten in PracticeSecurity Innovation
 
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsKarthikeyan Dhayalan
 
7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited ResourcesLogRhythm
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
SABSA Implementation(Part VI)_ver1-0
SABSA Implementation(Part VI)_ver1-0SABSA Implementation(Part VI)_ver1-0
SABSA Implementation(Part VI)_ver1-0Maganathin Veeraragaloo
 
SOC Cyber Security
SOC Cyber SecuritySOC Cyber Security
SOC Cyber SecuritySteppa Cyber Security
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 
NIST Cybersecurity Framework (CSF) 2.0: What has changed?
NIST Cybersecurity Framework (CSF) 2.0: What has changed?NIST Cybersecurity Framework (CSF) 2.0: What has changed?
NIST Cybersecurity Framework (CSF) 2.0: What has changed?Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) Priyanka Aash
 

Más contenido relacionado

La actualidad más candente

Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture DesignPriyanka Aash
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centersBrencil Kaimba
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
SOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCSOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCPriyanka Aash
 
Security operation center
Security operation centerSecurity operation center
Security operation centerMuthuKumaran267
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 
NIST 800-30 Intro to Conducting Risk Assessments - Part 1
NIST 800-30 Intro to Conducting Risk Assessments - Part 1NIST 800-30 Intro to Conducting Risk Assessments - Part 1
NIST 800-30 Intro to Conducting Risk Assessments - Part 1Denise Tawwab
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsKarthikeyan Dhayalan
 
7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited ResourcesLogRhythm
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 

La actualidad más candente (20)

Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture Design
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centers
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SME
 
SOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCSOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOC
 
Security operation center
Security operation centerSecurity operation center
Security operation center
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to Success
 
NIST 800-30 Intro to Conducting Risk Assessments - Part 1
NIST 800-30 Intro to Conducting Risk Assessments - Part 1NIST 800-30 Intro to Conducting Risk Assessments - Part 1
NIST 800-30 Intro to Conducting Risk Assessments - Part 1
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
OWASP Top Ten in Practice
OWASP Top Ten in PracticeOWASP Top Ten in Practice
OWASP Top Ten in Practice
 
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security Concepts
 
7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
 
SABSA Implementation(Part VI)_ver1-0
SABSA Implementation(Part VI)_ver1-0SABSA Implementation(Part VI)_ver1-0
SABSA Implementation(Part VI)_ver1-0
 
SOC Cyber Security
SOC Cyber SecuritySOC Cyber Security
SOC Cyber Security
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
 

Similar a NIST CSF Overview

NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) Priyanka Aash
 
INFORMATION SECURITY MATURITY MODEL FOR NIST CYBER SECURITY FRAMEWORK Sultan
INFORMATION SECURITY MATURITY MODEL FOR NIST CYBER SECURITY FRAMEWORK SultanINFORMATION SECURITY MATURITY MODEL FOR NIST CYBER SECURITY FRAMEWORK Sultan
INFORMATION SECURITY MATURITY MODEL FOR NIST CYBER SECURITY FRAMEWORK Sultancsandit
 
Conducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) AssessmentConducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) AssessmentNicholas Davis
 
Keynote Session : NIST - Cyber Security Framework Measuring Security
Keynote Session : NIST - Cyber Security Framework Measuring SecurityKeynote Session : NIST - Cyber Security Framework Measuring Security
Keynote Session : NIST - Cyber Security Framework Measuring SecurityPriyanka Aash
 
Sdl deployment in ics
Sdl deployment in icsSdl deployment in ics
Sdl deployment in icsMayur Mehta
 
Building Your Information Security Program: Frameworks & Metrics
Building Your Information Security Program: Frameworks & MetricsBuilding Your Information Security Program: Frameworks & Metrics
Building Your Information Security Program: Frameworks & MetricsRob Arnold
 
Verifikasi dan Validasi keamanan informasi
Verifikasi dan Validasi keamanan informasiVerifikasi dan Validasi keamanan informasi
Verifikasi dan Validasi keamanan informasirizqiariy
 
Making security champions in organization
Making security champions in organizationMaking security champions in organization
Making security champions in organizationkunwaratul hax0r
 
Shah Sheik Building a CSoC v1.2 DEFCAMP.pptx
Shah Sheik Building a CSoC v1.2 DEFCAMP.pptxShah Sheik Building a CSoC v1.2 DEFCAMP.pptx
Shah Sheik Building a CSoC v1.2 DEFCAMP.pptxmohamadchiri
 
Alienvault how to build a security operations center (on a budget) (2017, a...
Alienvault how to build a security operations center (on a budget) (2017, a...Alienvault how to build a security operations center (on a budget) (2017, a...
Alienvault how to build a security operations center (on a budget) (2017, a...Asep Syihabuddin
 
Overcoming Security Challenges in DevOps
Overcoming Security Challenges in DevOpsOvercoming Security Challenges in DevOps
Overcoming Security Challenges in DevOpsAlert Logic
 
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Tripwire
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information securityAnant Shrivastava
 
Cloud Security Assessment Methods.pptx
Cloud Security Assessment Methods.pptxCloud Security Assessment Methods.pptx
Cloud Security Assessment Methods.pptxAdityaChawan4
 
Cissp exam-outline
Cissp exam-outlineCissp exam-outline
Cissp exam-outlineAhmet E
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA Information Security
 

Similar a NIST CSF Overview (20)

NIST Cybersecurity Framework (CSF) 2.0: What has changed?
NIST Cybersecurity Framework (CSF) 2.0: What has changed?NIST Cybersecurity Framework (CSF) 2.0: What has changed?
NIST Cybersecurity Framework (CSF) 2.0: What has changed?
 
NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF)
 
From NIST CSF 1.1 to 2.0.pdf
From NIST CSF 1.1 to 2.0.pdfFrom NIST CSF 1.1 to 2.0.pdf
From NIST CSF 1.1 to 2.0.pdf
 
INFORMATION SECURITY MATURITY MODEL FOR NIST CYBER SECURITY FRAMEWORK Sultan
INFORMATION SECURITY MATURITY MODEL FOR NIST CYBER SECURITY FRAMEWORK SultanINFORMATION SECURITY MATURITY MODEL FOR NIST CYBER SECURITY FRAMEWORK Sultan
INFORMATION SECURITY MATURITY MODEL FOR NIST CYBER SECURITY FRAMEWORK Sultan
 
Conducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) AssessmentConducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) Assessment
 
Keynote Session : NIST - Cyber Security Framework Measuring Security
Keynote Session : NIST - Cyber Security Framework Measuring SecurityKeynote Session : NIST - Cyber Security Framework Measuring Security
Keynote Session : NIST - Cyber Security Framework Measuring Security
 
Sdl deployment in ics
Sdl deployment in icsSdl deployment in ics
Sdl deployment in ics
 
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
 
Building Your Information Security Program: Frameworks & Metrics
Building Your Information Security Program: Frameworks & MetricsBuilding Your Information Security Program: Frameworks & Metrics
Building Your Information Security Program: Frameworks & Metrics
 
Verifikasi dan Validasi keamanan informasi
Verifikasi dan Validasi keamanan informasiVerifikasi dan Validasi keamanan informasi
Verifikasi dan Validasi keamanan informasi
 
Making security champions in organization
Making security champions in organizationMaking security champions in organization
Making security champions in organization
 
Shah Sheik Building a CSoC v1.2 DEFCAMP.pptx
Shah Sheik Building a CSoC v1.2 DEFCAMP.pptxShah Sheik Building a CSoC v1.2 DEFCAMP.pptx
Shah Sheik Building a CSoC v1.2 DEFCAMP.pptx
 
Alienvault how to build a security operations center (on a budget) (2017, a...
Alienvault how to build a security operations center (on a budget) (2017, a...Alienvault how to build a security operations center (on a budget) (2017, a...
Alienvault how to build a security operations center (on a budget) (2017, a...
 
Overcoming Security Challenges in DevOps
Overcoming Security Challenges in DevOpsOvercoming Security Challenges in DevOps
Overcoming Security Challenges in DevOps
 
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information security
 
Cloud Security Assessment Methods.pptx
Cloud Security Assessment Methods.pptxCloud Security Assessment Methods.pptx
Cloud Security Assessment Methods.pptx
 
Blue Team
Blue TeamBlue Team
Blue Team
 
Cissp exam-outline
Cissp exam-outlineCissp exam-outline
Cissp exam-outline
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshop
 

Más de Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfPriyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfPriyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfPriyanka Aash
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdfPriyanka Aash
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfPriyanka Aash
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfPriyanka Aash
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfPriyanka Aash
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldPriyanka Aash
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksPriyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 

Más de Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Último

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Último (20)

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

NIST CSF Overview

  • 2. Objectives of CSF in a Nutshell Describe Current Security Posture Describe Target Security Posture Continuous Improvement Assess Progress towards Target Posture Communicate Risk
  • 3. A framework of Frameworks ISA62443 ISO/IEC 27001 CCS CSC1 NIST SP 800 - 53 COBIT 5 NIST cyber security Framework
  • 4. Framework Profile (Where you are and where you want to go) Framework Implementation Tiers (How you view cybersecurity) Framework Core (What it does) •Defines (measures) current state •Defines (measures) desired state •Tiers (4) that show how cybersecurity risks and processes are viewed within an organization •Required Tier based on perceived risk/benefit analysis •Identify •Protect •Detect •Restore •Recover High Level overview of the framework
  • 6. Framework core functions explained.. Identify • Understand what’s important to the business and what the risks are Protect • Develop safeguards to ensure CIA Detect • Find bad things Respond • What you do when bad things happen Recover • How to restore what the bad guys broke
  • 8. Function Unique Identifier Function Category Unique Identifier Category Subcategor y Informative References ID Identify ID.AM-1 Asset Manageme nt Physical devices within the organization are inventoried • CCS- CSC1 • COBIT 5 • ISA- 62443-2- 1:2009 ID.AM-2 Asset Manageme nt Software Platforms and Applications within the organization are inventoried • CCS- CSC1 • COBIT 5 • ISA- 62443-2- 1:2009 Structured example
  • 9. Framework Implementation Tiers • How cybersecurity risks and processes are viewed within organization Partial Risk Informed Repeatable Adaptable Sophistication
  • 10. Framework profile • Presents overview of present and future cybersecurity posture – Business Requirements – Risk Tolerance – Resources • Used to define current state and desired state – Can help measure progress...
  • 11. A Common Language for All Levels Priorities Risk Appetite Budget Framework Profile Implementation Progress Vulnerabilities, Threats, Assets Status, Changes in Risk Executive Level Focus: Organizational risk Actions: Risk Decision/Priority Operations Level Focus: Risk Management Implementation Actions: Secure Infrastructure, Implement Profile Process Level Focus: Risk Management Actions: Select Profile, Allocate Budget
  • 12. Process Prioritize and Scope Business Objectives Priorities Strategy Orient Related Systems Assets Regulations Risk Assessment Exposure Tolerance Create Current Profile Where you are now Create Target Profile Where you need to be Gap Analysis Delta between Current/Target Action Plan MEASURE
  • 13. How is NIST CSF Different? • Expresses cybersecurity activities in a common language • Leverages existing standards – does not reinvent the wheel – can map existing processes/guidelines into CSF • Provides crucial guidance for reinforcing security controls while maintaining a focus on business objectives • Provides a vehicle to effectively measure cybersecurity effectiveness independent of existing framework