The President issued an Executive Order, Improving Critical Infrastructure Cybersecurity, in February 2013.

The President issued Executive Order 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. The Executive Order calls for the development of a voluntary, risk-based Cybersecurity Framework: a set of industry standards and best practices to help organizations manage cybersecurity risks. Under this Executive Order, the National Institute of Standards and Technology (NIST), through collaboration between government and the private sector, produced a voluntary framework for addressing the advanced persistent threat to the nation's critical infrastructure. NASCIO and the National Governors Association have been urging states to adopt the NIST Cybersecurity Framework since its release in February 2014.

There are three main components of the Cybersecurity Framework:

Implementation Tiers: an overview of how the organization views cybersecurity risk and how rigorous its risk management processes are. They are often read as a rough maturity level, although NIST states that the Tiers are not a maturity model.

Framework Core: a set of cybersecurity activities, desired outcomes, and informative references based on existing best practices. It is technology neutral.

Framework Profile: a snapshot of where the organization is today in a given Category, and a roadmap for where it wants to be tomorrow.

Our Enterprise Policies are based on the Framework Core.


The five Functions of the Framework Core are Identify, Protect, Detect, Respond and Recover. Each Function has a unique identifier and a set of Categories associated with it. ***The description of each Function also describes the corresponding enterprise policy, so this graphic is useful to keep in mind when reading through each policy.

Identify (ID): Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Categories within this Function include: Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy.

Protect (PR): Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Categories within this Function include: Access Control, Awareness and Training, Data Security, Information Protection Processes and Procedures, Maintenance, Protective Technology.

Detect (DE): Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events. Categories within this Function include: Anomalies and Events, Security Continuous Monitoring, Detection Processes.

Respond (RS): Develop and implement the appropriate activities to take action regarding a detected cybersecurity event. The Respond Function supports the ability to contain the impact of a potential cybersecurity event. Categories within this Function include: Response Planning, Communications, Analysis, Mitigation, Improvements.

Recover (RC): Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity event. Categories within this Function include: Recovery Planning, Improvements, Communications.

Example of one Framework Core entry:
Function: Identify
Category: Governance
Subcategory ID.GV-2: Information security roles and responsibilities are coordinated and aligned with internal roles and external partners.
Informative References: a crosswalk to NIST SP 800-53 Rev. 4 controls PM-1 and PS-7.
***PM-1 = Program Management: Information Security Program Plan (Baseline Security Controls).
***PS-7 = Personnel Security: Third-Party Personnel Security.

There are 18 control families within NIST SP 800-53 Rev. 4.

These reflect back to the earlier slide: Subcategory ID.GV-2, information security roles and responsibilities are coordinated and aligned with internal roles and external partners.


Identify is the Function; Asset Management, Business Environment, Governance and Risk Assessment are its Categories, and each lettered section of the policy maps to one of them:

A. Maintain an inventory of information system components. That is Asset Management.
B. Map organizational communication and data flows by ... That is Business Environment.
F. Establish and maintain information security policies that provide the following: ... That is Governance.
G. Identify and document asset vulnerabilities by ... That is Risk Assessment.

Protect is the Function for the next group of sections:

A. Manage identities and credentials for authorized devices and users that ... This is Access Control.
H. Provide State of Montana personnel and partners cybersecurity awareness education that: ... This is Awareness and Training.
P. Perform remote maintenance of organizational assets in a secure manner by ... This is Maintenance.

As you read these policies, know that they reflect directly back to the Cybersecurity Framework Core Functions.

There will be a consolidation of Enterprise Security Policies. We will be moving from 14 Enterprise Security Policies and 5 Enterprise Security Standards to just 6 Enterprise Security Policies. Some of the older policies will become procedures. A document will be posted before the next meeting showing each of the older policies and where it will reside.