SlideShare ist ein Scribd-Unternehmen logo

Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presentation 2016

Cohesive Networks
Cohesive Networks

The document discusses the NIST Cybersecurity Framework and risk-based cybersecurity. It provides an overview of the NIST Framework, describing its core components and five tiers of maturity. It also discusses how the Framework establishes a common language and unified process for managing cybersecurity risks across critical infrastructure sectors. Finally, it outlines steps for applying the Framework, including prioritizing risks, assessing cybersecurity programs, and developing action plans to address gaps.

Technologie
1 von 35
Downloaden Sie, um offline zu lesen
Protecting vital data with NIST Framework
Tweet along: #Sec360 @pjktech @cohesivenet About me Patrick Kerpan CEO at Cohesive Networks @pjktech BANKS
Tweet along: #Sec360 @pjktech @cohesivenet About Cohesive Networks 2,000+ customers protect cloud- based applications User-controlled security & connectivity at the top of the cloud Cloud is creating demand for more connectivity and security honest approach to cloud security
Tweet along: #Sec360 @pjktech @cohesivenet Agenda • standards, teaching, testing and certifying • sustained cyber sieges • priority shifts toward risk-based models • NIST Cybersecurity Framework overview • applying risk based cybersecurity • NIST Cybersecurity Framework for all
Tweet along: #Sec360 @pjktech @cohesivenet standards, teaching, testing and certifying
Tweet along: #Sec360 @pjktech @cohesivenet Pre-NIST Cybersecurity Framework • International Organization for Standardization ISO/ IEC 27005:2011 • Electricity Sub-Sector Cybersecurity Risk Management Process (RMP) guideline • Committee of Sponsoring Organizations (Accounting Orgs) (COSO) • American Institute of CPA's (AICPA) SOC 2 & SAS70 • American Institute of CPA's (AICPA) - Generally Accepted Privacy PrinciplesGAPP (August 2009) • Shared Assessments ORG Vendor Assessments (AUP v5.0 & SIG v6.0) • FTC Children's Online Privacy Protection Rule (COPPA) • European Union Agency for Network and Information Security (ENISA) IAF • European Union Data Protection Directive 95/46/ EC • GSA's Federal Risk and Authorization Management Program (FedRAMP) Cloud Security Controls • Family Educational and Privacy Rights Act (FERPA) • Health Insurance Portability and Accountability Act (HIPAA) • Health Information Technology for Economic and Clinical Health (HITECH) Act • Dept. of State International Traffic in Arms Regulations ITAR • UK Royal Mail - Jericho Forum on De- Perimeterisation • and on and on…
Tweet along: #Sec360 @pjktech @cohesivenet The Big 10 International Organization for Standardization ISO 31000:2009 International Organization for Standardization ISO/IEC 27001 2013 NIST Special Publication NIST 800-53r3 & r4 Payment Card Industry Security Standards Council Data Data Security Standard PCI DSS v3.0 International Society of Automation Industrial Automation And Controls ISA-IAC 62443-2-1:2009 Information Systems Audit and Control Association (ISACA) COBIT 5 Cloud Security Alliance - Enterprise Architecture & Guidance CSA EAG v3.0 SANS Institute Council on Cybersecurity's Critical Security Controls for Effective Cyber Defense v5 DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Cybersecurity Evaluation Tool (CSET®) Department of Energy (DOE) Cybersecurity Capability Maturity Model C2M2
Tweet along: #Sec360 @pjktech @cohesivenet Certification is expensive Class Test
Tweet along: #Sec360 @pjktech @cohesivenet the fog of more Software Tools Standards Training Classes Certification Badges Certification, PenTest, & Audit Services Vulnerability Databases Guidance & Best Practices Catalogs of Controls Checklists Vendor Benchmarks Recommendations, Regulations & Requirements Threat Information Feeds Risk Management Frameworks Competing Options, Priorities, Opinions, and Claims
Tweet along: #Sec360 @pjktech @cohesivenet sustained cyber siege
Tweet along: #Sec360 @pjktech @cohesivenet new cyber realities Attacks have become professional: hackers, criminals or foreign governments. In the post-Sony era, all servers “on a wire” are compromised or targets. Regulatory implementation and reporting demands are increasing.
Tweet along: #Sec360 @pjktech @cohesivenet target: governments
Tweet along: #Sec360 @pjktech @cohesivenet target: healthcare
Tweet along: #Sec360 @pjktech @cohesivenet target: retail
Tweet along: #Sec360 @pjktech @cohesivenet target: you
Tweet along: #Sec360 @pjktech @cohesivenet shifting priorities
Tweet along: #Sec360 @pjktech @cohesivenet DHS mandate: organize & coordinate Image credit: Beldin Executive Order 13636: 
 Improving Critical Infrastructure Cybersecurity • Increase Information Sharing • Protect Privacy & Civil Liberties • Consult with Everyone • Have Commerce / NIST Create Cybersecurity Framework • Voluntary Adoption Program w/ Incentives • Identify Greatest Risks • Determine Need for More Regulation
Tweet along: #Sec360 @pjktech @cohesivenet Why: NIST Cybersecurity Framework Pros •Organized •One standard format •Common language •Unifying process •Defense in breadth & depth •Incentives •Risk management focused •Free Cons •Redundant •Yet another framework •Enforcement & penalties •Sustained cyber-siege •Not technical •Not designed for small firms •Technology debt?
Tweet along: #Sec360 @pjktech @cohesivenet NIST Cybersecurity Framework
Tweet along: #Sec360 @pjktech @cohesivenet Who: 16 critical infrastructure sectors Nuclear Chemical Facilities CommsManufacturing EmergencyDamsDefense Financial Energy Agriculture HealthWater IT Gov Facilities Transportation Image credit: dhs.gov
Tweet along: #Sec360 @pjktech @cohesivenet NIST Framework core
Tweet along: #Sec360 @pjktech @cohesivenet just one subcategory:
Tweet along: #Sec360 @pjktech @cohesivenet NIST Framework tiers of maturity source: PwC Why you should adopt the NIST Cybersecurity Framework
Tweet along: #Sec360 @pjktech @cohesivenet NIST Cybersecurity Framework NIST Cybersecurity Framework is *voluntary* 82% of US federal agencies fully or partially adopting it 53% of organizations outside the federal government adopted it 2016 PwC State of Information Security: the 2 most frequently implemented risk-based guidelines are ISO 27001 and NIST Cybersecurity Framework
Tweet along: #Sec360 @pjktech @cohesivenet applying risk based cybersecurity
Tweet along: #Sec360 @pjktech @cohesivenet traditional vs. risk-based security Traditional Risk-Based Audit focus Business focus Transation-based Process-based Compliance objective Customer focus Policies & procedures focus Risk management focus Multi-year audit coverage Continual risk-reassessment coverage Policy adherence Change facilitator Budgeted cost center Accountability for performance improvement resultsCareer auditors Diversified knowledge and experience Methodology: Focus on policies, transactions, and compliance Methodology: Focus on goals, strategies, and risk management processes
Tweet along: #Sec360 @pjktech @cohesivenet risk-based security frameworks 2016 PwC State of Information Security: 91% of companies have already adopted a risk-based cybersecurity framework Risk-based security can help: • identify and prioritize risks • gauge the maturity of cybersecurity practices • better communicate internally and externally • design, measure and monitor goals • build program that centers around safety and security of data
Tweet along: #Sec360 @pjktech @cohesivenet NIST Cybersecurity Framework for all
Tweet along: #Sec360 @pjktech @cohesivenet how: NIST Cybersecurity for all Step 1: Prioritize and Scope Step 2: Orient Step 3: Create a Current Profile Step 4: Conduct a Risk Assessment Step 5: Create a Target Profile Step 6: Determine, Analyze, and Prioritize Gaps Step 7: Implement Action Plan Repeat The Steps As Needed (Rinse and Repeat)
Tweet along: #Sec360 @pjktech @cohesivenet Chicago style cybersecurity Innovative blend proven style with new technologies Pragmatic work within constraints - shifting sand (literally!) Transparent more opportunities to allow more light internally Tenacious driven by the Mid-Western work ethic Creative willingness to build solutions rather than empires The Marquette Building Image via the MacArthur Foundation
Tweet along: #Sec360 @pjktech @cohesivenet roll your own NIST Manual INTRODUCTION RISK MANAGEMENT STRATEGY STATEMENT Risk Management Process Integrated Risk Management Program External Participation SCOPE OF RISK MANAGEMENT PROGRAM Asset, Change, and Configuration Management Cybersecurity Program Management Supply Chain and External Dependencies Management Identity and Access Management Event and Incident Response, Continuity of Operations Information Sharing and Communications Risk Management Situational Awareness Threat and Vulnerability Management Workforce Management INFRASTRUCTURE UPGRADE PRIORITIES Current CyberSecurity Profile Target Profile Technology Debt CYBERSECURITY ROADMAP & MILESTONES Appendix 1: REGISTRY OF PRIMARY CYBERSECURITY RISKS Appendix 2: REGISTRY OF STAKEHOLDERS AND USERS Etc. Cybersecurity Risk Management & Network Operations Center Manual
Tweet along: #Sec360 @pjktech @cohesivenet conduct app-specific self-evaluations Self evaluations available - Just go download a template!
Tweet along: #Sec360 @pjktech @cohesivenet case study: LocusView Natural gas SaaS provider streamlines audit processes customer network Public Cloud Overlay Network IPsec Tunnel Firewall / IPsec Cloud Server AWS ELB VNS3 Controller public internet user traffic “We wanted to look at a bigger picture than just natural gas and current regulations.” Tim Hopper - GIS Professional LocusView Challenge An increasing stream of requests for documentation, certifications, and penetration test results Solution Used NIST Framework to map the compliance areas that matter most to their organization, clients Outcome LocusView has passed initial audits and the first of several penetration tests
Tweet along: #Sec360 @pjktech @cohesivenet conclusions • Standards are still relevant — Map from standards, not to • Shift from audit-heavy compliance to risk-based prevention • Prioritize current compliance over post-mortem disaster recovery • Holistic security for each business unit • NIST Framework can make everyone’s jobs less complicated
Tweet along: #Sec360 @pjktech @cohesivenet Q&A Stay in touch: @pjktech @cohesivenet contactme@cohesive.net

Empfohlen

Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
 
Identity and Access Management 101
Identity and Access Management 101Identity and Access Management 101
Identity and Access Management 101Jerod Brennen
 
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...Edureka!
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...Edureka!
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 

Empfohlen

Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
 
Identity and Access Management 101
Identity and Access Management 101Identity and Access Management 101
Identity and Access Management 101Jerod Brennen
 
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...Edureka!
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...Edureka!
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 
Threat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill ChainThreat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill ChainSuwitcha Musijaral CISSP,CISA,GWAPT,SNORTCP
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Cyber security career development paths
Cyber security career development pathsCyber security career development paths
Cyber security career development pathsChelsea Jarvie
 
Cyber Security Threat Modeling
Cyber Security Threat ModelingCyber Security Threat Modeling
Cyber Security Threat ModelingDr. Anish Cheriyan (PhD)
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONSylvain Martinez
 
CISSP Preview - For the next generation of Security Leaders
CISSP Preview - For the next generation of Security LeadersCISSP Preview - For the next generation of Security Leaders
CISSP Preview - For the next generation of Security LeadersNUS-ISS
 
Security Operations, MITRE ATT&CK, SOC Roles / Competencies
Security Operations, MITRE ATT&CK, SOC Roles / Competencies Security Operations, MITRE ATT&CK, SOC Roles / Competencies
Security Operations, MITRE ATT&CK, SOC Roles / Competencies Harry McLaren
 
cyber security
cyber security cyber security
cyber security NiharikaVoleti
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 
FireEye Solutions
FireEye SolutionsFireEye Solutions
FireEye SolutionsPrime Infoserv
 
Information Serurity Risk Assessment Basics
Information Serurity Risk Assessment BasicsInformation Serurity Risk Assessment Basics
Information Serurity Risk Assessment BasicsVidyalankar Institute of Technology
 
Vapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) servicesVapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) servicesAkshay Kurhade
 
NIST - Cybersecurity Framework mindmap
NIST - Cybersecurity Framework mindmapNIST - Cybersecurity Framework mindmap
NIST - Cybersecurity Framework mindmapWAJAHAT IQBAL
 
Data breach presentation
Data breach presentationData breach presentation
Data breach presentationBradford Bach
 
2 Security Architecture+Design
2 Security Architecture+Design2 Security Architecture+Design
2 Security Architecture+DesignAlfred Ouyang
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity TrainingWindstoneHealth
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabTeymur Kheirkhabarov
 
Threat Intelligence Workshop
Threat Intelligence WorkshopThreat Intelligence Workshop
Threat Intelligence WorkshopPriyanka Aash
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterTuan Phan
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
COBIT
COBITCOBIT
COBITTelkom Institute of Management
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82majolic
 

Weitere ähnliche Inhalte

Was ist angesagt?

Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Cyber security career development paths
Cyber security career development pathsCyber security career development paths
Cyber security career development pathsChelsea Jarvie
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONSylvain Martinez
 
CISSP Preview - For the next generation of Security Leaders
CISSP Preview - For the next generation of Security LeadersCISSP Preview - For the next generation of Security Leaders
CISSP Preview - For the next generation of Security LeadersNUS-ISS
 
Security Operations, MITRE ATT&CK, SOC Roles / Competencies
Security Operations, MITRE ATT&CK, SOC Roles / Competencies Security Operations, MITRE ATT&CK, SOC Roles / Competencies
Security Operations, MITRE ATT&CK, SOC Roles / Competencies Harry McLaren
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 
Vapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) servicesVapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) servicesAkshay Kurhade
 
NIST - Cybersecurity Framework mindmap
NIST - Cybersecurity Framework mindmapNIST - Cybersecurity Framework mindmap
NIST - Cybersecurity Framework mindmapWAJAHAT IQBAL
 
Data breach presentation
Data breach presentationData breach presentation
Data breach presentationBradford Bach
 
2 Security Architecture+Design
2 Security Architecture+Design2 Security Architecture+Design
2 Security Architecture+DesignAlfred Ouyang
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabTeymur Kheirkhabarov
 
Threat Intelligence Workshop
Threat Intelligence WorkshopThreat Intelligence Workshop
Threat Intelligence WorkshopPriyanka Aash
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterTuan Phan
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 

Was ist angesagt? (20)

Threat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill ChainThreat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill Chain
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
Cyber security career development paths
Cyber security career development pathsCyber security career development paths
Cyber security career development paths
 
Cyber Security Threat Modeling
Cyber Security Threat ModelingCyber Security Threat Modeling
Cyber Security Threat Modeling
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATION
 
CISSP Preview - For the next generation of Security Leaders
CISSP Preview - For the next generation of Security LeadersCISSP Preview - For the next generation of Security Leaders
CISSP Preview - For the next generation of Security Leaders
 
Security Operations, MITRE ATT&CK, SOC Roles / Competencies
Security Operations, MITRE ATT&CK, SOC Roles / Competencies Security Operations, MITRE ATT&CK, SOC Roles / Competencies
Security Operations, MITRE ATT&CK, SOC Roles / Competencies
 
cyber security
cyber security cyber security
cyber security
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to Success
 
FireEye Solutions
FireEye SolutionsFireEye Solutions
FireEye Solutions
 
Information Serurity Risk Assessment Basics
Information Serurity Risk Assessment BasicsInformation Serurity Risk Assessment Basics
Information Serurity Risk Assessment Basics
 
Vapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) servicesVapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) services
 
NIST - Cybersecurity Framework mindmap
NIST - Cybersecurity Framework mindmapNIST - Cybersecurity Framework mindmap
NIST - Cybersecurity Framework mindmap
 
Data breach presentation
Data breach presentationData breach presentation
Data breach presentation
 
2 Security Architecture+Design
2 Security Architecture+Design2 Security Architecture+Design
2 Security Architecture+Design
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On Lab
 
Threat Intelligence Workshop
Threat Intelligence WorkshopThreat Intelligence Workshop
Threat Intelligence Workshop
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 

Andere mochten auch

Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82majolic
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkTuan Phan
 
COBIT 5 IT Governance Model: an Introduction
COBIT 5 IT Governance Model: an IntroductionCOBIT 5 IT Governance Model: an Introduction
COBIT 5 IT Governance Model: an Introductionaqel aqel
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005ControlCase
 

Andere mochten auch (6)

COBIT
COBITCOBIT
COBIT
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity Framework
 
COBIT 5 IT Governance Model: an Introduction
COBIT 5 IT Governance Model: an IntroductionCOBIT 5 IT Governance Model: an Introduction
COBIT 5 IT Governance Model: an Introduction
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
 

Ähnlich wie Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presentation 2016

CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...Cohesive Networks
 
CompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to knowCompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to knowInfosec
 
Shields Up Presentation.pdf
Shields Up Presentation.pdfShields Up Presentation.pdf
Shields Up Presentation.pdfPMIUKChapter
 
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptxEmphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptxlior mazor
 
Security of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We NeedSecurity of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We Needsimplyme12345
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Doeren Mayhew
 
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...Cohesive Networks
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb finalChristophe Monnier
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingLaying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingIgnyte Assurance Platform
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxYoisRoberthTapiadeLa
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxVictoriaChavesta
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoTuan Phan
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public SectorScott Geye
 
cybersecurity_framework_webinar_2017.pptx
cybersecurity_framework_webinar_2017.pptxcybersecurity_framework_webinar_2017.pptx
cybersecurity_framework_webinar_2017.pptxMuhammadAbdullah311866
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001PECB
 

Ähnlich wie Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presentation 2016 (20)

CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
 
CompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to knowCompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to know
 
Shields Up Presentation.pdf
Shields Up Presentation.pdfShields Up Presentation.pdf
Shields Up Presentation.pdf
 
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptxEmphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
 
Security of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We NeedSecurity of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We Need
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
 
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb final
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingLaying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quantico
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector
 
Cs cmaster
Cs cmasterCs cmaster
Cs cmaster
 
cybersecurity_framework_webinar_2017.pptx
cybersecurity_framework_webinar_2017.pptxcybersecurity_framework_webinar_2017.pptx
cybersecurity_framework_webinar_2017.pptx
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
 

Mehr von Cohesive Networks

Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...Cohesive Networks
 
Let’s rethink cloud application security in 2016 - Patrick Kerpan's Secure360...
Let’s rethink cloud application security in 2016 - Patrick Kerpan's Secure360...Let’s rethink cloud application security in 2016 - Patrick Kerpan's Secure360...
Let’s rethink cloud application security in 2016 - Patrick Kerpan's Secure360...Cohesive Networks
 
Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)
Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)
Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)Cohesive Networks
 
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...Cohesive Networks
 
Comparison: VNS3 and Openswan
Comparison: VNS3 and OpenswanComparison: VNS3 and Openswan
Comparison: VNS3 and OpenswanCohesive Networks
 
Cohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 AdministrationCohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 AdministrationCohesive Networks
 
Cohesive Networks Support Docs: VNS3 Configuration Guide
Cohesive Networks Support Docs: VNS3 Configuration Guide Cohesive Networks Support Docs: VNS3 Configuration Guide
Cohesive Networks Support Docs: VNS3 Configuration Guide Cohesive Networks
 
Cohesive Networks Support Docs: VNS3 Configuration for AWS EC2 Classic
Cohesive Networks Support Docs: VNS3 Configuration for AWS EC2 ClassicCohesive Networks Support Docs: VNS3 Configuration for AWS EC2 Classic
Cohesive Networks Support Docs: VNS3 Configuration for AWS EC2 ClassicCohesive Networks
 
Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC
Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC
Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC Cohesive Networks
 
Cohesive Networks Support Docs: VNS3 Configuration in Azure
Cohesive Networks Support Docs: VNS3 Configuration in Azure Cohesive Networks Support Docs: VNS3 Configuration in Azure
Cohesive Networks Support Docs: VNS3 Configuration in Azure Cohesive Networks
 
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud Cohesive Networks
 
Cohesive Networks Support Docs: VNS3 Configuration for IBM Softlayer
Cohesive Networks Support Docs: VNS3 Configuration for IBM SoftlayerCohesive Networks Support Docs: VNS3 Configuration for IBM Softlayer
Cohesive Networks Support Docs: VNS3 Configuration for IBM SoftlayerCohesive Networks
 
Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts
Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts
Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts Cohesive Networks
 
Cohesive Networks Support Docs: VNS3 Configuration for GCE
Cohesive Networks Support Docs: VNS3 Configuration for GCE Cohesive Networks Support Docs: VNS3 Configuration for GCE
Cohesive Networks Support Docs: VNS3 Configuration for GCE Cohesive Networks
 
Cohesive Networks Support Docs: Welcome to VNS3 3.5
Cohesive Networks Support Docs: Welcome to VNS3 3.5 Cohesive Networks Support Docs: Welcome to VNS3 3.5
Cohesive Networks Support Docs: Welcome to VNS3 3.5 Cohesive Networks
 
Cohesive Networks Support Docs: VNS3 Side by Side IPsec Tunnel Guide
Cohesive Networks Support Docs: VNS3 Side by Side IPsec Tunnel Guide Cohesive Networks Support Docs: VNS3 Side by Side IPsec Tunnel Guide
Cohesive Networks Support Docs: VNS3 Side by Side IPsec Tunnel Guide Cohesive Networks
 
Cohesive networks Support Docs: VNS3 3.5 Upgrade Guide
Cohesive networks Support Docs: VNS3 3.5 Upgrade GuideCohesive networks Support Docs: VNS3 3.5 Upgrade Guide
Cohesive networks Support Docs: VNS3 3.5 Upgrade GuideCohesive Networks
 
Cohesive Networks Support Docs: VNS3 3.5 Container System Add-Ons
Cohesive Networks Support Docs: VNS3 3.5 Container System Add-OnsCohesive Networks Support Docs: VNS3 3.5 Container System Add-Ons
Cohesive Networks Support Docs: VNS3 3.5 Container System Add-OnsCohesive Networks
 
Cohesive Networks Support Docs: VNS3 version 3.5+ API Guide
Cohesive Networks Support Docs: VNS3 version 3.5+ API Guide Cohesive Networks Support Docs: VNS3 version 3.5+ API Guide
Cohesive Networks Support Docs: VNS3 version 3.5+ API Guide Cohesive Networks
 

Mehr von Cohesive Networks (20)

Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
 
Let’s rethink cloud application security in 2016 - Patrick Kerpan's Secure360...
Let’s rethink cloud application security in 2016 - Patrick Kerpan's Secure360...Let’s rethink cloud application security in 2016 - Patrick Kerpan's Secure360...
Let’s rethink cloud application security in 2016 - Patrick Kerpan's Secure360...
 
Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)
Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)
Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)
 
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...
 
Comparison: VNS3 vs Vyatta
Comparison: VNS3 vs VyattaComparison: VNS3 vs Vyatta
Comparison: VNS3 vs Vyatta
 
Comparison: VNS3 and Openswan
Comparison: VNS3 and OpenswanComparison: VNS3 and Openswan
Comparison: VNS3 and Openswan
 
Cohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 AdministrationCohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 Administration
 
Cohesive Networks Support Docs: VNS3 Configuration Guide
Cohesive Networks Support Docs: VNS3 Configuration Guide Cohesive Networks Support Docs: VNS3 Configuration Guide
Cohesive Networks Support Docs: VNS3 Configuration Guide
 
Cohesive Networks Support Docs: VNS3 Configuration for AWS EC2 Classic
Cohesive Networks Support Docs: VNS3 Configuration for AWS EC2 ClassicCohesive Networks Support Docs: VNS3 Configuration for AWS EC2 Classic
Cohesive Networks Support Docs: VNS3 Configuration for AWS EC2 Classic
 
Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC
Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC
Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC
 
Cohesive Networks Support Docs: VNS3 Configuration in Azure
Cohesive Networks Support Docs: VNS3 Configuration in Azure Cohesive Networks Support Docs: VNS3 Configuration in Azure
Cohesive Networks Support Docs: VNS3 Configuration in Azure
 
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
 
Cohesive Networks Support Docs: VNS3 Configuration for IBM Softlayer
Cohesive Networks Support Docs: VNS3 Configuration for IBM SoftlayerCohesive Networks Support Docs: VNS3 Configuration for IBM Softlayer
Cohesive Networks Support Docs: VNS3 Configuration for IBM Softlayer
 
Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts
Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts
Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts
 
Cohesive Networks Support Docs: VNS3 Configuration for GCE
Cohesive Networks Support Docs: VNS3 Configuration for GCE Cohesive Networks Support Docs: VNS3 Configuration for GCE
Cohesive Networks Support Docs: VNS3 Configuration for GCE
 
Cohesive Networks Support Docs: Welcome to VNS3 3.5
Cohesive Networks Support Docs: Welcome to VNS3 3.5 Cohesive Networks Support Docs: Welcome to VNS3 3.5
Cohesive Networks Support Docs: Welcome to VNS3 3.5
 
Cohesive Networks Support Docs: VNS3 Side by Side IPsec Tunnel Guide
Cohesive Networks Support Docs: VNS3 Side by Side IPsec Tunnel Guide Cohesive Networks Support Docs: VNS3 Side by Side IPsec Tunnel Guide
Cohesive Networks Support Docs: VNS3 Side by Side IPsec Tunnel Guide
 
Cohesive networks Support Docs: VNS3 3.5 Upgrade Guide
Cohesive networks Support Docs: VNS3 3.5 Upgrade GuideCohesive networks Support Docs: VNS3 3.5 Upgrade Guide
Cohesive networks Support Docs: VNS3 3.5 Upgrade Guide
 
Cohesive Networks Support Docs: VNS3 3.5 Container System Add-Ons
Cohesive Networks Support Docs: VNS3 3.5 Container System Add-OnsCohesive Networks Support Docs: VNS3 3.5 Container System Add-Ons
Cohesive Networks Support Docs: VNS3 3.5 Container System Add-Ons
 
Cohesive Networks Support Docs: VNS3 version 3.5+ API Guide
Cohesive Networks Support Docs: VNS3 version 3.5+ API Guide Cohesive Networks Support Docs: VNS3 version 3.5+ API Guide
Cohesive Networks Support Docs: VNS3 version 3.5+ API Guide
 

Kürzlich hochgeladen

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Kürzlich hochgeladen (20)

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presentation 2016

  • 1. Protecting vital data with NIST Framework
  • 2. Tweet along: #Sec360 @pjktech @cohesivenet About me Patrick Kerpan CEO at Cohesive Networks @pjktech BANKS
  • 3. Tweet along: #Sec360 @pjktech @cohesivenet About Cohesive Networks 2,000+ customers protect cloud- based applications User-controlled security & connectivity at the top of the cloud Cloud is creating demand for more connectivity and security honest approach to cloud security
  • 4. Tweet along: #Sec360 @pjktech @cohesivenet Agenda • standards, teaching, testing and certifying • sustained cyber sieges • priority shifts toward risk-based models • NIST Cybersecurity Framework overview • applying risk based cybersecurity • NIST Cybersecurity Framework for all
  • 5. Tweet along: #Sec360 @pjktech @cohesivenet standards, teaching, testing and certifying
  • 6. Tweet along: #Sec360 @pjktech @cohesivenet Pre-NIST Cybersecurity Framework • International Organization for Standardization ISO/ IEC 27005:2011 • Electricity Sub-Sector Cybersecurity Risk Management Process (RMP) guideline • Committee of Sponsoring Organizations (Accounting Orgs) (COSO) • American Institute of CPA's (AICPA) SOC 2 & SAS70 • American Institute of CPA's (AICPA) - Generally Accepted Privacy PrinciplesGAPP (August 2009) • Shared Assessments ORG Vendor Assessments (AUP v5.0 & SIG v6.0) • FTC Children's Online Privacy Protection Rule (COPPA) • European Union Agency for Network and Information Security (ENISA) IAF • European Union Data Protection Directive 95/46/ EC • GSA's Federal Risk and Authorization Management Program (FedRAMP) Cloud Security Controls • Family Educational and Privacy Rights Act (FERPA) • Health Insurance Portability and Accountability Act (HIPAA) • Health Information Technology for Economic and Clinical Health (HITECH) Act • Dept. of State International Traffic in Arms Regulations ITAR • UK Royal Mail - Jericho Forum on De- Perimeterisation • and on and on…
  • 7. Tweet along: #Sec360 @pjktech @cohesivenet The Big 10 International Organization for Standardization ISO 31000:2009 International Organization for Standardization ISO/IEC 27001 2013 NIST Special Publication NIST 800-53r3 & r4 Payment Card Industry Security Standards Council Data Data Security Standard PCI DSS v3.0 International Society of Automation Industrial Automation And Controls ISA-IAC 62443-2-1:2009 Information Systems Audit and Control Association (ISACA) COBIT 5 Cloud Security Alliance - Enterprise Architecture & Guidance CSA EAG v3.0 SANS Institute Council on Cybersecurity's Critical Security Controls for Effective Cyber Defense v5 DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Cybersecurity Evaluation Tool (CSET®) Department of Energy (DOE) Cybersecurity Capability Maturity Model C2M2
  • 8. Tweet along: #Sec360 @pjktech @cohesivenet Certification is expensive Class Test
  • 9. Tweet along: #Sec360 @pjktech @cohesivenet the fog of more Software Tools Standards Training Classes Certification Badges Certification, PenTest, & Audit Services Vulnerability Databases Guidance & Best Practices Catalogs of Controls Checklists Vendor Benchmarks Recommendations, Regulations & Requirements Threat Information Feeds Risk Management Frameworks Competing Options, Priorities, Opinions, and Claims
  • 10. Tweet along: #Sec360 @pjktech @cohesivenet sustained cyber siege
  • 11. Tweet along: #Sec360 @pjktech @cohesivenet new cyber realities Attacks have become professional: hackers, criminals or foreign governments. In the post-Sony era, all servers “on a wire” are compromised or targets. Regulatory implementation and reporting demands are increasing.
  • 12. Tweet along: #Sec360 @pjktech @cohesivenet target: governments
  • 13. Tweet along: #Sec360 @pjktech @cohesivenet target: healthcare
  • 14. Tweet along: #Sec360 @pjktech @cohesivenet target: retail
  • 15. Tweet along: #Sec360 @pjktech @cohesivenet target: you
  • 16. Tweet along: #Sec360 @pjktech @cohesivenet shifting priorities
  • 17. Tweet along: #Sec360 @pjktech @cohesivenet DHS mandate: organize & coordinate Image credit: Beldin Executive Order 13636: 
 Improving Critical Infrastructure Cybersecurity • Increase Information Sharing • Protect Privacy & Civil Liberties • Consult with Everyone • Have Commerce / NIST Create Cybersecurity Framework • Voluntary Adoption Program w/ Incentives • Identify Greatest Risks • Determine Need for More Regulation
  • 18. Tweet along: #Sec360 @pjktech @cohesivenet Why: NIST Cybersecurity Framework Pros •Organized •One standard format •Common language •Unifying process •Defense in breadth & depth •Incentives •Risk management focused •Free Cons •Redundant •Yet another framework •Enforcement & penalties •Sustained cyber-siege •Not technical •Not designed for small firms •Technology debt?
  • 19. Tweet along: #Sec360 @pjktech @cohesivenet NIST Cybersecurity Framework
  • 20. Tweet along: #Sec360 @pjktech @cohesivenet Who: 16 critical infrastructure sectors Nuclear Chemical Facilities CommsManufacturing EmergencyDamsDefense Financial Energy Agriculture HealthWater IT Gov Facilities Transportation Image credit: dhs.gov
  • 21. Tweet along: #Sec360 @pjktech @cohesivenet NIST Framework core
  • 22. Tweet along: #Sec360 @pjktech @cohesivenet just one subcategory:
  • 23. Tweet along: #Sec360 @pjktech @cohesivenet NIST Framework tiers of maturity source: PwC Why you should adopt the NIST Cybersecurity Framework
  • 24. Tweet along: #Sec360 @pjktech @cohesivenet NIST Cybersecurity Framework NIST Cybersecurity Framework is *voluntary* 82% of US federal agencies fully or partially adopting it 53% of organizations outside the federal government adopted it 2016 PwC State of Information Security: the 2 most frequently implemented risk-based guidelines are ISO 27001 and NIST Cybersecurity Framework
  • 25. Tweet along: #Sec360 @pjktech @cohesivenet applying risk based cybersecurity
  • 26. Tweet along: #Sec360 @pjktech @cohesivenet traditional vs. risk-based security Traditional Risk-Based Audit focus Business focus Transation-based Process-based Compliance objective Customer focus Policies & procedures focus Risk management focus Multi-year audit coverage Continual risk-reassessment coverage Policy adherence Change facilitator Budgeted cost center Accountability for performance improvement resultsCareer auditors Diversified knowledge and experience Methodology: Focus on policies, transactions, and compliance Methodology: Focus on goals, strategies, and risk management processes
  • 27. Tweet along: #Sec360 @pjktech @cohesivenet risk-based security frameworks 2016 PwC State of Information Security: 91% of companies have already adopted a risk-based cybersecurity framework Risk-based security can help: • identify and prioritize risks • gauge the maturity of cybersecurity practices • better communicate internally and externally • design, measure and monitor goals • build program that centers around safety and security of data
  • 28. Tweet along: #Sec360 @pjktech @cohesivenet NIST Cybersecurity Framework for all
  • 29. Tweet along: #Sec360 @pjktech @cohesivenet how: NIST Cybersecurity for all Step 1: Prioritize and Scope Step 2: Orient Step 3: Create a Current Profile Step 4: Conduct a Risk Assessment Step 5: Create a Target Profile Step 6: Determine, Analyze, and Prioritize Gaps Step 7: Implement Action Plan Repeat The Steps As Needed (Rinse and Repeat)
  • 30. Tweet along: #Sec360 @pjktech @cohesivenet Chicago style cybersecurity Innovative blend proven style with new technologies Pragmatic work within constraints - shifting sand (literally!) Transparent more opportunities to allow more light internally Tenacious driven by the Mid-Western work ethic Creative willingness to build solutions rather than empires The Marquette Building Image via the MacArthur Foundation
  • 31. Tweet along: #Sec360 @pjktech @cohesivenet roll your own NIST Manual INTRODUCTION RISK MANAGEMENT STRATEGY STATEMENT Risk Management Process Integrated Risk Management Program External Participation SCOPE OF RISK MANAGEMENT PROGRAM Asset, Change, and Configuration Management Cybersecurity Program Management Supply Chain and External Dependencies Management Identity and Access Management Event and Incident Response, Continuity of Operations Information Sharing and Communications Risk Management Situational Awareness Threat and Vulnerability Management Workforce Management INFRASTRUCTURE UPGRADE PRIORITIES Current CyberSecurity Profile Target Profile Technology Debt CYBERSECURITY ROADMAP & MILESTONES Appendix 1: REGISTRY OF PRIMARY CYBERSECURITY RISKS Appendix 2: REGISTRY OF STAKEHOLDERS AND USERS Etc. Cybersecurity Risk Management & Network Operations Center Manual
  • 32. Tweet along: #Sec360 @pjktech @cohesivenet conduct app-specific self-evaluations Self evaluations available - Just go download a template!
  • 33. Tweet along: #Sec360 @pjktech @cohesivenet case study: LocusView Natural gas SaaS provider streamlines audit processes customer network Public Cloud Overlay Network IPsec Tunnel Firewall / IPsec Cloud Server AWS ELB VNS3 Controller public internet user traffic “We wanted to look at a bigger picture than just natural gas and current regulations.” Tim Hopper - GIS Professional LocusView Challenge An increasing stream of requests for documentation, certifications, and penetration test results Solution Used NIST Framework to map the compliance areas that matter most to their organization, clients Outcome LocusView has passed initial audits and the first of several penetration tests
  • 34. Tweet along: #Sec360 @pjktech @cohesivenet conclusions • Standards are still relevant — Map from standards, not to • Shift from audit-heavy compliance to risk-based prevention • Prioritize current compliance over post-mortem disaster recovery • Holistic security for each business unit • NIST Framework can make everyone’s jobs less complicated
  • 35. Tweet along: #Sec360 @pjktech @cohesivenet Q&A Stay in touch: @pjktech @cohesivenet contactme@cohesive.net