Welcome to Scribd!

Skip carousel

Cybersecurity Framework v1-1 Presentation

Uploaded by

SaulRamirez

0% found this document useful (0 votes)

6 views12 pages

Copyright

Available Formats

PPTX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PPTX, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

6 views12 pages

Cybersecurity Framework v1-1 Presentation

Uploaded by

SaulRamirez

Copyright:

Available Formats

Download as PPTX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 12

Search inside document

The Cybersecurity Framework

Version 1.1

October 2019
Cybersecurity Framework History

• February 2013 - Executive Order 13636: Improving

Critical Infrastructure Cybersecurity

• December 2014 - Cybersecurity Enhancement Act of

2014 (P.L. 113-274)

• May 2017 - Executive Order 13800: Strengthening the

Cybersecurity of Federal Networks and Critical
Infrastructure
The Cybersecurity Framework
Three Primary Components
Core
Desired cybersecurity outcomes organized in a
hierarchy and aligned to more detailed guidance and
controls

Profiles
Alignment of an organization’s requirements and
objectives, risk appetite and resources using the
desired outcomes of the Framework Core

Implementation Tiers
A qualitative measure of organizational cybersecurity
risk management practices
Key Framework Attributes
Principles of Current and Future Versions of the Framework

• Common and accessible language

• Adaptable to many technologies, lifecycle
phases, sectors and uses
• Risk-based
• Based on international standards
• Living document
• Guided by many perspectives – private
sector, academia, public sector
The Framework Core
Establishes a Common Language

Function
• Describes desired outcomes
Identify
• Understandable by everyone
Protect • Applies to any type of risk
management
Detect
• Defines the entire breadth of
Respond cybersecurity

Recover • Spans both prevention and reaction

An Excerpt from the Framework Core
The Connected Path of Framework Outcomes

5 Functions 23 Categories 108 Subcategories 6 Informative References

Implementation Tiers
The Cybersecurity Framework Version 1.1

1 2 3 4
Partial Risk Informed Repeatable Adaptive
Risk The functionality and repeatability of cybersecurity risk
Management
Process management
Integrated Risk The extent to which cybersecurity is considered in
Management
Program broader risk management decisions
External The degree to which the organization:
Participation • monitors and manages supply chain risk1.1
• benefits my sharing or receiving information from
outside parties
Framework Update
The Cybersecurity Framework Version 1.1

• Applicability for all system lifecycle phases

• Enhanced guidance for managing cybersecurity within supply
chains and for buying decisions
• New guidance for self-assessment
• Better accounts for Authorization, Authentication, and Identity
Proofing
• Incorporates emerging vulnerability information (a.k.a.,
Coordinated Vulnerability Disclosure)
• Administratively updates the Informative References
International Use
Translations, Adaptations, and Other References World-Wide
Sample Resources
www.nist.gov/cyberframework/framework-resources

Manufacturing Profile
NIST Discrete Manufacturing Cyb
ersecurity Framework Profile

Financial Services Profile

Financial Services Sector Specific Cybersecurity “Profile”

Maritime Profile
Bulk Liquid Transport Profile
Success Stories
https://www.nist.gov/cyberframework/success-stories

University of Chicago Biological Sciences Division

Japan’s Cross-Sector Forum

ISACA

University of Pittsburgh

University of Kansas Medical Center

Multi-State Information Sharing & Analysis Center

STAYING IN TOUCH
NIST.gov/cyberframework
@ cyberframework@nist.gov

CSRC.NIST.gov NCCoE.NIST.gov

NIST.gov/topics/cybersecurity @NISTcyber

NIST Cybersecurity Framework
Document6 pages
NIST Cybersecurity Framework
sneha sureshbabu
No ratings yet
Information Security Risk Assessment Services Brief
Document2 pages
Information Security Risk Assessment Services Brief
ashokj1984
No ratings yet
2nd Quarter Exam Empowerment - Technologies
Document3 pages
2nd Quarter Exam Empowerment - Technologies
kathryn soriano
100% (11)
CRISC Glossary PDF
Document8 pages
CRISC Glossary PDF
Alex Dcosta
No ratings yet
CIS Risk Assessment Method (RAM) : Core Document
Document27 pages
CIS Risk Assessment Method (RAM) : Core Document
cipioo7
No ratings yet
EC-Council Certified Security Analyst Standard Requirements
From Everand
EC-Council Certified Security Analyst Standard Requirements
Gerardus Blokdyk
No ratings yet
Ey An Integrated Vision To Manage Cyber Risk PDF
Document24 pages
Ey An Integrated Vision To Manage Cyber Risk PDF
Maya M
100% (1)
Security 701 Exam Objectives Comparison Flyer Online
Document4 pages
Security 701 Exam Objectives Comparison Flyer Online
Wayne Wayne
No ratings yet
Network Segmentation
Document9 pages
Network Segmentation
Jose Luis Gomez
No ratings yet
BSI CyberSecurity Report
Document11 pages
BSI CyberSecurity Report
Jeya Shree Arunjunai Raj
No ratings yet
Cybersecurity Domains 3.1
Document1 page
Cybersecurity Domains 3.1
Shun Kam
No ratings yet
An Approach To Vulnerability Management: by Umesh Chavan, CISSP
Document3 pages
An Approach To Vulnerability Management: by Umesh Chavan, CISSP
Raju Patle
No ratings yet
Cyber Security Leadership Skills
Document16 pages
Cyber Security Leadership Skills
khuzem
100% (1)
Approaches To Enhancing Cyber Resilience: Report of The North Atlantic Treaty Organization (NATO) Workshop IST-153
Document44 pages
Approaches To Enhancing Cyber Resilience: Report of The North Atlantic Treaty Organization (NATO) Workshop IST-153
irawan saptono
No ratings yet
Sabsa Matrix 2009
Document1 page
Sabsa Matrix 2009
Eli_Hux
No ratings yet
Anatomy of A SOC
Document37 pages
Anatomy of A SOC
Digit Oktavianto
No ratings yet
Itil Guide Cyber Resilience UpGuard
Document14 pages
Itil Guide Cyber Resilience UpGuard
Ene Veber Raluca
100% (1)
Articulating The Business Value of Information Security: July 24, 2009
Document11 pages
Articulating The Business Value of Information Security: July 24, 2009
Anupam Koul
No ratings yet
CISM Implementation Guide
Document72 pages
CISM Implementation Guide
fabrice drogoul
No ratings yet
Advancing Cyber Resilience Principles and Tools For Boards
Document40 pages
Advancing Cyber Resilience Principles and Tools For Boards
Cristian Vargas
No ratings yet
Balbix New CISO Board Deck
Document42 pages
Balbix New CISO Board Deck
Sandesh Raut
No ratings yet
Application Security Posture Management: Secure Cloud-Native Applications at Scale
Document27 pages
Application Security Posture Management: Secure Cloud-Native Applications at Scale
Vlad Vikernes
No ratings yet
The Ultimate Guide To Attack Surface Management 2021
Document26 pages
The Ultimate Guide To Attack Surface Management 2021
john Bronson
No ratings yet
The CISO's Guide To Metrics That Matter in 2022
Document16 pages
The CISO's Guide To Metrics That Matter in 2022
Dave McCann
50% (2)
Tounsi - Threat Intelligence
Document22 pages
Tounsi - Threat Intelligence
Rafael Paim
No ratings yet
CIS - Establishing Essential Cyber Hygiene
Document29 pages
CIS - Establishing Essential Cyber Hygiene
Lyu Sey
No ratings yet
A Shift From Cybersecurity To Cyber Resilience: Ebook
Document13 pages
A Shift From Cybersecurity To Cyber Resilience: Ebook
churesashy
No ratings yet
The Comprehensive Playbook For Implementing Zero Trust Security
Document38 pages
The Comprehensive Playbook For Implementing Zero Trust Security
Kishore
No ratings yet
25 Cyber Security Frameworks
Document27 pages
25 Cyber Security Frameworks
Anupama Gadipati
No ratings yet
NIST Framework v1.1
Document56 pages
NIST Framework v1.1
justin
100% (1)
How To Mitigate Cyber Risks
Document10 pages
How To Mitigate Cyber Risks
toanquoc.doan
No ratings yet
Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents
From Everand
Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents
Eric C. Thompson
No ratings yet
Cyber Intelligence-Driven Risk: How to Build and Use Cyber Intelligence for Business Risk Decisions
From Everand
Cyber Intelligence-Driven Risk: How to Build and Use Cyber Intelligence for Business Risk Decisions
Richard O. Moore III
No ratings yet
Complying With The Federal Information Security Act (Fisma)
Document19 pages
Complying With The Federal Information Security Act (Fisma)
sresearcher7
No ratings yet
Frictionless Compressor Technology
Document14 pages
Frictionless Compressor Technology
NikkizGogas
60% (5)
SABSA Introduction
Document51 pages
SABSA Introduction
bobwillmore
100% (1)
Deloitte Cyber Threat Intelligence Cybersecurity 14
Document6 pages
Deloitte Cyber Threat Intelligence Cybersecurity 14
jota
No ratings yet
2018 PDF
Document73 pages
2018 PDF
Aldrin
No ratings yet
Cyber Resiliency and NIST 800-53
Document45 pages
Cyber Resiliency and NIST 800-53
Sakil Mahmud
No ratings yet
CISO Guidance Free Book by CRC Press
Document150 pages
CISO Guidance Free Book by CRC Press
Marcia Méndez
No ratings yet
A Guide To Assessing Security Maturity: Presented by Coalfire
Document14 pages
A Guide To Assessing Security Maturity: Presented by Coalfire
Henrique Guapo
No ratings yet
Information Security Risk
Document29 pages
Information Security Risk
dddibal
No ratings yet
Cybersecurity Capacity Maturity
Document60 pages
Cybersecurity Capacity Maturity
Nayo Verdugo Crespo
No ratings yet
A Practitioner's Guide to Adapting the NIST Cybersecurity Framework
From Everand
A Practitioner's Guide to Adapting the NIST Cybersecurity Framework
David Moskowitz
No ratings yet
B A Manifesto For Cyber Resilience PDF
Document17 pages
B A Manifesto For Cyber Resilience PDF
ashokjp
No ratings yet
Cyber Resilience Blueprint
Document12 pages
Cyber Resilience Blueprint
Brindusac
No ratings yet
The Cyber Exposure Score: How Secure Is
Document14 pages
The Cyber Exposure Score: How Secure Is
Ricardo Voltaire
No ratings yet
Integrating Ot Into It/Ot Socs: Executive Brief
Document4 pages
Integrating Ot Into It/Ot Socs: Executive Brief
Raghav
No ratings yet
Addressing The MITRE ATTACK For ICS Matrix
Document39 pages
Addressing The MITRE ATTACK For ICS Matrix
Com Digful
No ratings yet
BOSCH7
Document14 pages
BOSCH7
Georgiana Busuioc
No ratings yet
Immersive Labs The Ultimate Cyber Skills Strategy Cheat Sheet Ebook
Document19 pages
Immersive Labs The Ultimate Cyber Skills Strategy Cheat Sheet Ebook
Abdul waheed
No ratings yet
List of In-Principle Approvals
Document9 pages
List of In-Principle Approvals
Manasvi Mehta
No ratings yet
Sanet - st-5g Networks Background Issues and Security
Document432 pages
Sanet - st-5g Networks Background Issues and Security
odoanthony
No ratings yet
C2M2 v1 1 - Cor
Document76 pages
C2M2 v1 1 - Cor
EnricoMaresca
No ratings yet
Securing Microsoft 365 by Joe Stocker
Document270 pages
Securing Microsoft 365 by Joe Stocker
matthew lee
No ratings yet
Ey Cyber Resilience Inthe Digital Age Implications For The GCC Region
Document24 pages
Ey Cyber Resilience Inthe Digital Age Implications For The GCC Region
slusaf
No ratings yet
FFIEC CAT App B Map To NIST CSF June 2015 PDF4 PDF
Document24 pages
FFIEC CAT App B Map To NIST CSF June 2015 PDF4 PDF
yaya yahu
No ratings yet
Cyber-Security Report
Document27 pages
Cyber-Security Report
Javier Flor Gonzalez
No ratings yet
Navy RMF M4 RMFStep2SelectSecurityControlsV1.1
Document42 pages
Navy RMF M4 RMFStep2SelectSecurityControlsV1.1
Xavier Martin
No ratings yet
2019 Cloud Security Report Sponsored by (ISC) .
Document20 pages
2019 Cloud Security Report Sponsored by (ISC) .
qadir147
No ratings yet
CISM Model Questions
Document12 pages
CISM Model Questions
Kumar
0% (1)
Ransomware Attack Risks PDF
Document30 pages
Ransomware Attack Risks PDF
smart Tv
No ratings yet
The Logicnow Cyber Threat Guide: Nine Types of Internet Threats and How To Stop Them
Document44 pages
The Logicnow Cyber Threat Guide: Nine Types of Internet Threats and How To Stop Them
sunbrat
No ratings yet
Cyber Resilience
Document15 pages
Cyber Resilience
abiiboyo
No ratings yet
2014-03-03 - NCC Group - Whitepaper - Cyber Battle Ship v1-0
Document10 pages
2014-03-03 - NCC Group - Whitepaper - Cyber Battle Ship v1-0
Cerys Watkins
No ratings yet
CSX-Exam-Guide Bro Eng 1014
Document11 pages
CSX-Exam-Guide Bro Eng 1014
sackman1976
100% (1)
04 Quiz-Answer
Document2 pages
04 Quiz-Answer
Marc Gonzales
No ratings yet
Discovering Computers 2011: Living in A Digital World
Document74 pages
Discovering Computers 2011: Living in A Digital World
EEC Pakistan
No ratings yet
Erlang in Anger
Document93 pages
Erlang in Anger
prettyhat
No ratings yet
Chapter 05-2 ER-EER To Relational Mapping
Document27 pages
Chapter 05-2 ER-EER To Relational Mapping
Fantasypie 888
No ratings yet
MX710 MX711 MX810 MX811 MX812 7463 SM
Document807 pages
MX710 MX711 MX810 MX811 MX812 7463 SM
ARS
No ratings yet
Wireless Cellular Networks (Basics)
Document67 pages
Wireless Cellular Networks (Basics)
Asghar Akbari
No ratings yet
GGMM
Document5 pages
GGMM
Bayu Ardhi
No ratings yet
PWP Practical 6 PDF
Document4 pages
PWP Practical 6 PDF
pruthviraj patil
No ratings yet
Introduction To Ss7 Signalling
Document28 pages
Introduction To Ss7 Signalling
samy_subu
No ratings yet
Review Questions
Document15 pages
Review Questions
SuganthiVasan
No ratings yet
ESD Design Considerations For Ultra-Low Power Crystal Oscillators in Automotive Products
Document6 pages
ESD Design Considerations For Ultra-Low Power Crystal Oscillators in Automotive Products
Nguyen Van Toan
No ratings yet
Energy Engineering Project Proposal
Document10 pages
Energy Engineering Project Proposal
Renan John Canas
No ratings yet
Archer C80 (US) - UG - V1
Document99 pages
Archer C80 (US) - UG - V1
joseito741258
No ratings yet
COMPUTER ARCHITECTURE ch-1
Document38 pages
COMPUTER ARCHITECTURE ch-1
Tolera Tamiru
No ratings yet
PRO1 06E Blocks
Document26 pages
PRO1 06E Blocks
ING. OSCAR PACHECO
No ratings yet
Bibliografie - Coroziune, Solicitari Mecanice
Document3 pages
Bibliografie - Coroziune, Solicitari Mecanice
simonamemet
No ratings yet
Mitigation of Harmonics in A Three-Phase, Four-Wire Distribution System Using A System of Shunt Passive Filters
Document14 pages
Mitigation of Harmonics in A Three-Phase, Four-Wire Distribution System Using A System of Shunt Passive Filters
Rajendra Prasad Shukla
No ratings yet
Forouzan: MCQ in Introduction To Data Communications and Networking
Document12 pages
Forouzan: MCQ in Introduction To Data Communications and Networking
Faruk Khan
No ratings yet
804-Hermetic Refrigeration System Training Program - 5 Faults
Document2 pages
804-Hermetic Refrigeration System Training Program - 5 Faults
Daud Simon A
No ratings yet
RAN16.0 RNC in Pool Configuration Principles 02 (20140915)
Document65 pages
RAN16.0 RNC in Pool Configuration Principles 02 (20140915)
Miko Keren
No ratings yet
Conditional Execution: Boolean Expressions
Document12 pages
Conditional Execution: Boolean Expressions
Sharath Chandra
No ratings yet
Course in Non-Destructive Testing of Wood
Document3 pages
Course in Non-Destructive Testing of Wood
أحمد دعبس
No ratings yet
Untitled
Document40 pages
Untitled
Hassan Javaid
No ratings yet
SLT 1
Document6 pages
SLT 1
Gobinda Roy
No ratings yet