NIST Cybersecurity Framework. ARC World Industry Forum 2014




NIST Cybersecurity Framework
Vicky Yan Pillitteri, NIST
ARC World Industry Forum 2014
February 10-13, 2014, Orlando, FL

Executive Order 13636: Improving Critical Infrastructure Cybersecurity

It is the policy of the United States to enhance the security and resilience of the Nation's critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties.

- NIST is directed to work with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructure.
- This Cybersecurity Framework is being developed in an open manner with input from stakeholders in industry, academia, and government, including a public review and comment process, workshops, and other means of engagement.

The Cybersecurity Framework

For the Cybersecurity Framework to meet the requirements of the Executive Order, it must:

- include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks.
- provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk.
- identify areas for improvement that should be addressed through future collaboration with particular sectors and standards-developing organizations.
- enable technical innovation and account for organizational differences.
- include guidance for measuring the performance of an entity in implementing the Cybersecurity Framework.

The Cybersecurity Framework

Three main elements of the Framework reinforce the connection between business drivers and cybersecurity activities:

- Framework Core
- Framework Implementation Tiers
- Framework Profile

The Framework Core

Framework Implementation Tiers

- Provide context on how an organization views cybersecurity risk and the processes in place to manage that risk.
- Tiers range from Partial to Adaptive, describing an increasing degree of rigor and sophistication in:
  - cybersecurity risk management practices
  - the extent to which cybersecurity risk management is informed by business needs and integrated into overall risk management practices

The Framework Profile

- Alignment of Functions, Categories, and Subcategories with business requirements, risk tolerance, and resources of the organization.
- Enables organizations to establish a roadmap for reducing cybersecurity risk that:
  - is aligned with organizational and sector goals
  - considers legal/regulatory requirements
  - considers industry best practices
  - reflects risk management priorities

How to Use the Framework

- Basic Review of Cybersecurity Practices
- Establishing or Improving a Cybersecurity Program
- Communicating Cybersecurity Requirements with Stakeholders
- Identifying Opportunities for New or Revised Informative References
- Methodology to Protect Privacy and Civil Liberties

Cybersecurity Framework Adoption

An organization adopts the framework when it uses the Cybersecurity Framework as a key part of its systematic process for identifying, assessing, prioritizing, and/or communicating:

- cybersecurity risks,
- current approaches and efforts to address those risks, and
- steps needed to reduce cybersecurity risks

as part of its management of the organization's broader risks and priorities.

Voluntary Program for Critical Infrastructure Cybersecurity Enhancement

The Department of Homeland Security (DHS) is leading the development of a Voluntary Program for Critical Infrastructure Cybersecurity Enhancement. The Voluntary Program will:

- Be the coordination point within the federal government for critical infrastructure owners and operators interested in improving their cyber risk management processes.
- Coordinate additional CSF outreach activities through partnership with Sector Specific Agencies, Sector Coordinating Councils, and other industry partners.

Voluntary Program Goals:

1. Support industry in increasing cyber resilience
2. Increase awareness and use of the CSF in support of the first goal

For more information about the DHS Voluntary Program, please contact: DHSVoluntaryProgram@hq.dhs.gov

Next Steps

- The Cybersecurity Framework will be announced in the Federal Register and posted on the NIST Cybersecurity Framework site on February 13, 2014.
- NIST will also release a DRAFT roadmap that identifies next steps and areas for further development and harmonization.
- Additional workshop to be held in 2014 to review stakeholder experience with Version 1.0, progress with implementing the roadmap, and questions around long-term governance.

For additional questions, please contact us at: cyberframework@nist.gov