Cyber

Security
Framewor
k Core
AGENDA

 The Framework Core: Introduction

 Cybersecurity: Activities, Outcomes
 Informative References Common Across Critical
Infrastructure Sectors.
Introduction to the Framework
Core
 Brief overview of the Framework Core:
• Developed by NIST (National Institute of Standards and Technology)

• Provides a voluntary, risk-based approach to managing cybersecurity risk.

 Importance of cybersecurity in critical infrastructure:

• Protects national security, public health, and economic stability

• Addresses the growing number and sophistication of cyber threats

Framework Core Components

 Functions: Organize basic cybersecurity activities at their highest level.

 Categories: Subdivisions of Functions into groups of cybersecurity

outcomes.
 Subcategories: Further divisions of Categories into specific outcomes
of technical, management, and operational activities.
Functions Overview
Overview of the five Functions:
• Identify: Develop an organizational understanding to manage
cybersecurity risk.
• Protect: Implement safeguards to ensure delivery of critical
infrastructure services.

• Detect: Develop and implement activities to identify the

occurrence of a cybersecurity event.

• Respond: Take action regarding a detected cybersecurity

incident.

• Recover: Maintain plans for resilience and restore any capabilities

or services impaired due to a cybersecurity incident.
Identify Function
Definition and objectives:
 Understanding organizational assets, systems, data, and capabilities.
 Establishing risk management strategy and priorities.

Key categories:
 Asset Management
 Supply Chain Risk Management
 Governance
 Risk Assessment
Protect Function
Definition and objectives:
 Implementing measures to safeguard critical infrastructure services.

Key categories:
 Identity Management and Access Control
 Awareness and Training
 Data Security
 Information Protection Processes and Procedures
Detect Function
Definition and objectives:
 Developing and implementing activities to identify

cybersecurity events promptly.

Key categories:
 Anomalies and Events

 Security Continuous Monitoring

 Detection Processes
Respond Function
Definition and objectives:
 Taking appropriate action regarding a detected cybersecurity incident.

Key categories:
 Response Planning
 Communications
 Analysis
 Mitigation
 Improvements
Recover Function
Definition and objectives:
 Ensuring resilience and restoring capabilities or services impaired during a
cybersecurity incident.

Key categories:
 Recovery Planning
 Improvements
 Communications
Cybersecurity Activities Overview
Importance of cybersecurity activities:
 Integral to protecting critical infrastructure
 Reducing risk and enhancing resilience

Connection to the Framework Core:

 Each activity is mapped to specific functions, categories, and subcategories
within the Framework Core.
Asset Management Activities
Activities under the Identify function:
 Inventory and track physical and software assets.
 Ensure accurate, up-to-date asset inventory.

Importance of asset inventory and management:

 Foundational for effective risk management and incident response
 Risk Assessment Activities
Activities under the Identify function:
 Conducting regular risk assessments
 Identifying potential threats and vulnerabilities

Importance:
 Essential for understanding and mitigating risks
 Helps prioritize security measures
Identity Management and Access
Control
Activities under the Protect function:
 Implementing robust access controls
 Managing identities and credentials

Ensuring proper access controls:

 Reduces risk of unauthorized access
 Protects sensitive information and systems
Security Awareness and Training
Activities under the Protect function:
 Developing and implementing training programs
 Raising awareness among employees about cybersecurity

Importance:
 Empowers employees to recognize and respond to threats
 Creates a culture of security
Data Security Measures
Activities under the Protect function:
 Implementing encryption, access controls, and data masking
 Ensuring data integrity and confidentiality

Protecting sensitive data:

 Mitigates risk of data breaches
 Ensures compliance with regulations
Continuous Monitoring
Activities under the Detect function:
 Implementing tools and processes for continuous threat monitoring
 Regularly reviewing logs and alerts

Importance:
 Early detection of threats
 Rapid response to incidents
Incident Response
Activities under the Respond function:
 Developing and executing incident response plans
 Conducting post-incident analysis

Importance:
 Minimizes impact of cybersecurity incidents
 Enhances organizational resilience
Recovery Planning
Activities under the Recover function:
 Establishing and maintaining recovery plans
 Conducting recovery exercises

Strategies for effective recovery:

 Ensures rapid restoration of services
 Reduces downtime and operational impact
Outcomes Overview
Importance of measuring outcomes:
 Evaluates effectiveness of cybersecurity efforts
 Guides improvements and investments

Connection to the Framework Core:

 Outcomes are aligned with the objectives of the Framework Core
Reducing Risk
Outcome related to risk reduction:
 Implementing measures to lower risk of cyber incidents
 Examples: enhanced security controls, regular risk assessments

Benefits:
 Increased organizational security
 Protection of critical assets
Enhancing Resilience
Outcome related to enhancing resilience:
 Developing capabilities to withstand and recover from cyber incidents
 Examples: robust recovery plans, continuous monitoring

Benefits:
 Maintained operational continuity
 Reduced impact of incidents
Improving Incident Response
Outcome related to incident response
improvements:
 Streamlined response processes
 Effective communication and coordination

Benefits:
 Faster resolution of incidents
 Reduced damage and recovery time
Informative References Overview
Definition and purpose of informative references:
 Sources of guidance and best practices
 Enhance implementation of the Framework Core

Connection to the Framework Core:

 Informative references align with functions, categories, and subcategories
NIST SP 800-53
Overview of NIST Special Publication 800-53:
 Provides a catalog of security and privacy controls
 Used by federal agencies and other organizations

Relation to the Framework Core:

 Maps controls to specific subcategories
ISO/IEC 27001
Overview of ISO/IEC 27001
standard:
 International standard for information security
management systems (ISMS)
 Establishes requirements for implementing,
maintaining, and improving ISMS

Relation to the Framework Core:

 Provides a comprehensive approach to
managing cybersecurity risks
COBIT 5
Overview of COBIT 5 framework:
 Provides governance and management guidelines for enterprise IT
 Aligns IT goals with business objectives

Relation to the Framework Core:

 Supports the governance and management of cybersecurity

activities.
CIS Controls
Overview of CIS Controls:
 Set of best practices for securing IT systems and data
 Prioritized and actionable recommendations

Relation to the Framework Core:

 Helps organizations implement effective security measures
PCI DSS
Overview of PCI Data Security Standard:
 Established by the Payment Card Industry Security Standards Council
 Ensures secure handling of credit card information

Relation to the Framework Core:

 Provides specific controls for protecting payment data
Cross-Sector Informative
References
Importance of cross-sector collaboration:
 Sharing knowledge and best practices
 Enhancing overall security posture

Examples of cross-sector references:

 DHS's Cybersecurity and Infrastructure Security Agency (CISA) guidelines
 Collaboration initiatives and partnerships
Critical Infrastructure Sectors
Importance of critical infrastructure sectors:
 Essential services that underpin society
 Targeted by cyber threats due to their impact

Key sectors:
 Energy
 Healthcare
 Financial Services
 Transportation
 Water and Wastewater Systems
Energy Sector
Importance of the energy sector:
 Provides power and fuel essential for daily operations
 Includes electricity, oil, and natural gas

Cybersecurity challenges:
 SCADA systems vulnerabilities
 Interdependencies with other sectors

Framework Core application:

 Risk assessments, continuous monitoring, incident response plans
Healthcare Sector
Importance of the healthcare sector:
 Protects public health and safety
 Includes hospitals, clinics, and medical research facilities

Cybersecurity challenges:
 Protection of patient data (HIPAA compliance)
 Increasing ransomware attacks
Financial Services Sector
Importance of the financial services sector:
 Facilitates economic activities and transactions
 Includes banks, investment firms, and insurance companies

Cybersecurity challenges:
 Fraud and identity theft
 Regulatory compliance (e.g., PCI DSS)

Framework Core application:

 Access control, anomaly detection, incident response
Water and Wastewater Systems
Sector
Importance of water and wastewater systems:
 Provides clean water and manages waste
 Essential for public health and safety

Cybersecurity challenges:
 SCADA systems vulnerabilities
 Physical and cyber interdependencies
Information Technology Sector
Importance of the IT sector:
 Supports the operation of other critical
infrastructure sectors
 Includes hardware manufacturers, software
developers, and IT service providers

Cybersecurity challenges:
 Software vulnerabilities
 Supply chain attacks
Emergency Services Sector
Importance of the emergency services sector:
 Provides critical response and recovery services
 Includes police, fire, emergency medical services, and disaster response
agencies

Cybersecurity challenges:
 Communication system disruptions
 Data breaches impacting emergency response
Defense Industrial Base Sector
Cybersecurity challenges:
 Espionage and intellectual property theft
 Supply chain vulnerabilities

Framework Core application:

 Supply chain risk management, continuous monitoring, incident response
Emerging Threats
Overview of emerging cybersecurity threats:
 Advanced persistent threats (APTs)
 Ransomware-as-a-Service (RaaS)
 Cyber-physical attacks on critical infrastructure

Importance of staying informed:

 Regular threat intelligence updates
 Proactive threat hunting and monitoring
Advanced Cybersecurity
Strategies
Overview of advanced strategies:
 Zero-trust architecture
 Artificial intelligence and machine learning for threat detection
 Deception technologies (e.g., honeypots)

Benefits:
 Enhanced detection and response capabilities
 Improved resilience against sophisticated attacks
Regulatory Compliance
Importance of regulatory
compliance:
 Ensures adherence to industry standards
and legal requirements
 Protects against legal and financial penalties

Key regulations:
 General Data Protection Regulation (GDPR)
 Health Insurance Portability and
Accountability Act (HIPAA)
Public-Private Partnerships
Importance of collaboration:
 Enhances information sharing and collective security efforts
 Leverages resources and expertise from both sectors

Examples:
 Information Sharing and Analysis Centers (ISACs)
 Cybersecurity and Infrastructure Security Agency (CISA) initiatives
Cybersecurity Workforce
Development
Importance of building a skilled workforce:
 Addresses the talent gap in cybersecurity
 Ensures effective implementation of security measures

Strategies:
 Education and training programs
 Certifications (e.g., CISSP, CISM)
 Career development and retention initiatives
Cybersecurity Incident Response
Teams
Importance of incident response teams (IRTs):
 Provide specialized expertise for managing cyber incidents
 Ensure rapid and effective incident resolution

Key roles and responsibilities:

 Incident detection and analysis
 Coordination of response efforts
 Post-incident review and improvement
Cyber Insurance

Overview of cyber insurance:

 Provides financial protection against cyber incidents
 Covers costs related to data breaches, ransomware attacks, and business
interruption

Importance:
 Mitigates financial impact of cyber incidents
 Encourages proactive risk management
Cybersecurity Metrics and KPIs
Importance of metrics and
KPIs:
 Measures effectiveness of
cybersecurity efforts
 Guides continuous improvement

Key metrics:
 Incident response time
 Number of detected threats
 Compliance with security policies
Cyber Threat Intelligence
Overview of threat intelligence:
 Collection and analysis of information about
potential threats
 Informs proactive defense measures

Sources:
 Open-source intelligence (OSINT)
 Threat intelligence platforms and services
Best Practices for
Implementation
Summary of best practices across sectors:
 Conduct regular risk assessments
 Implement continuous monitoring
 Foster a culture of cybersecurity awareness
 Collaborate with industry partners and government agencies
Challenges and Solutions
Common challenges in implementation:
 Resource constraints
 Keeping up with evolving threats
 Ensuring cross-departmental collaboration

Potential solutions and strategies:

 Prioritize critical assets and risks
 Invest in training and awareness programs
 Leverage external expertise and partnerships
Future Trends in Cybersecurity
Emerging trends:
 Increased use of artificial intelligence and machine learning
 Growing importance of supply chain security
 Rise of zero-trust architectures

Future directions for the Framework Core:

 Continuous updates to address new threats
 Enhanced focus on privacy and data protection
Conclusion
Summary of key points:
 Importance of the Framework Core in managing cybersecurity risks
 Overview of functions, activities, outcomes, and informative references

Importance of continued focus on cybersecurity:

 Protecting critical infrastructure
 Ensuring national security and economic stability
References
•NIST Cybersecurity Framework documentation
•ISO/IEC 27001 standard
•NIST SP 800-53 publication
•CIS Controls guidelines
•PCI DSS standards
Thank You