Monchai Phaichitchan, profile picture
Uploaded byMonchai Phaichitchan
PPTX, PDF261 views

Cybersecurity framework v1-1_presentation

The document summarizes the Cybersecurity Framework, which provides a common language to manage cybersecurity risk across complex operations and sectors. It has three main components: the Core, which defines desired outcomes; Profiles, which align requirements to the Core; and Implementation Tiers, which assess risk management practices. The Framework is adaptable, risk-based, and based on international standards. Version 1.1 enhances guidance for supply chains and self-assessment. Various organizations have found success applying the Framework.

Embed presentation

Download to read offline
The Cybersecurity Framework Version 1.1 October 2019
Cybersecurity Framework History • February 2013 - Executive Order 13636: Improving Critical Infrastructure Cybersecurity • December 2014 - Cybersecurity Enhancement Act of 2014 (P.L. 113-274) • May 2017 - Executive Order 13800: Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
The Cybersecurity Framework Three Primary Components Core Desired cybersecurity outcomes organized in a hierarchy and aligned to more detailed guidance and controls Profiles Alignment of an organization’s requirements and objectives, risk appetite and resources using the desired outcomes of the Framework Core Implementation Tiers A qualitative measure of organizational cybersecurity risk management practices
• Common and accessible language • Adaptable to many technologies, lifecycle phases, sectors and uses • Risk-based • Based on international standards • Living document • Guided by many perspectives – private sector, academia, public sector Key Framework Attributes Principles of Current and Future Versions of the Framework
The Framework Core Establishes a Common Language • Describes desired outcomes • Understandable by everyone • Applies to any type of risk management • Defines the entire breadth of cybersecurity • Spans both prevention and reaction Function Identify Protect Detect Respond Recover
An Excerpt from the Framework Core The Connected Path of Framework Outcomes 5 Functions 23 Categories 108 Subcategories 6 Informative References
Implementation Tiers The Cybersecurity Framework Version 1.1 1 2 3 4 Partial Risk Informed Repeatable Adaptive Risk Management Process The functionality and repeatability of cybersecurity risk management Integrated Risk Management Program The extent to which cybersecurity is considered in broader risk management decisions External Participation The degree to which the organization: • monitors and manages supply chain risk1.1 • benefits my sharing or receiving information from outside parties
Framework Update The Cybersecurity Framework Version 1.1 • Applicability for all system lifecycle phases • Enhanced guidance for managing cybersecurity within supply chains and for buying decisions • New guidance for self-assessment • Better accounts for Authorization, Authentication, and Identity Proofing • Incorporates emerging vulnerability information (a.k.a., Coordinated Vulnerability Disclosure) • Administratively updates the Informative References
International Use Translations, Adaptations, and Other References World-Wide
Sample Resources www.nist.gov/cyberframework/framework-resources Financial Services Profile Financial Services Sector Specific Cybersecurity “Profile” Manufacturing Profile NIST Discrete Manufacturing Cybersecurity Framework Profile Maritime Profile Bulk Liquid Transport Profile
Success Stories https://www.nist.gov/cyberframework/success-stories University of Chicago Biological Sciences Division Japan’s Cross-Sector Forum ISACA University of Pittsburgh University of Kansas Medical Center Multi-State Information Sharing & Analysis Center
STAYING IN TOUCH cyberframework@nist.gov NIST.gov/cyberframework @ @NISTcyber NIST.gov/topics/cybersecurity NCCoE.NIST.gov CSRC.NIST.gov

More Related Content

PPTX
NIST CyberSecurity Framework: An Overview
byTandhy Simanjuntak
 
PDF
Microsoft 365 Security and Compliance
byDavid J Rosenthal
 
PPTX
CISSP Chapter 7 - Security Operations
byKarthikeyan Dhayalan
 
PPTX
Microsoft Information Protection: Your Security and Compliance Framework
byAlistair Pugin
 
PPTX
CollabDaysBE - Microsoft Purview Information Protection demystified
byAlbert Hoitingh
 
PPTX
Data Loss Prevention in Office 365
byCloudFronts Technologies LLP.
 
PPTX
Identity and Access Management Introduction
byAidy Tificate
 
PPTX
CollabDays NL 2022 - Albert Hoitingh - Encryption in M365 - Slideshare.pptx
byAlbert Hoitingh
 
NIST CyberSecurity Framework: An Overview
byTandhy Simanjuntak
 
Microsoft 365 Security and Compliance
byDavid J Rosenthal
 
CISSP Chapter 7 - Security Operations
byKarthikeyan Dhayalan
 
Microsoft Information Protection: Your Security and Compliance Framework
byAlistair Pugin
 
CollabDaysBE - Microsoft Purview Information Protection demystified
byAlbert Hoitingh
 
Data Loss Prevention in Office 365
byCloudFronts Technologies LLP.
 
Identity and Access Management Introduction
byAidy Tificate
 
CollabDays NL 2022 - Albert Hoitingh - Encryption in M365 - Slideshare.pptx
byAlbert Hoitingh
 

What's hot

PPTX
Breakdown of Microsoft Purview Solutions
byDrew Madelung
 
PDF
Microsoft 365 Enterprise Security with E5 Overview
byDavid J Rosenthal
 
PDF
Dlp notes
byanuepcet
 
PPTX
Data Loss Prevention
byReza Kopaee
 
PPTX
Identity and Access Management (IAM): Benefits and Best Practices 
byVeritis Group, Inc
 
PPTX
Microsoft Purview
byMohammed Chaaraoui
 
PDF
Azure Sentinel
byKumton Suttiraksiri
 
PPTX
SOC: Use cases and are we asking the right questions?
byJonathan Sinclair
 
PDF
IBM Infosphere Guardium - Database Security
byebuc
 
PPTX
Search Inform DLP
bySergei Yavchenko
 
DOCX
Вопросы для интервью ISO 27001
byIvan Piskunov
 
PDF
Microsoft Azure Sentinel
byBGA Cyber Security
 
PPT
Cyber Security Layers - Defense in Depth
byMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
PPTX
The Zero Trust Model of Information Security
byTripwire
 
PPTX
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
byAlbert Hoitingh
 
PDF
Identity and Access Management 101
byJerod Brennen
 
PPTX
Security Code Review 101
byPaul Ionescu
 
PDF
Share point における id管理と認証・認可
byNaohiro Fujie
 
PPTX
Veeam Backup for Office 365
byIngram Micro
 
PPTX
Google Dorks
byAndrea D'Ubaldo
 
Breakdown of Microsoft Purview Solutions
byDrew Madelung
 
Microsoft 365 Enterprise Security with E5 Overview
byDavid J Rosenthal
 
Dlp notes
byanuepcet
 
Data Loss Prevention
byReza Kopaee
 
Identity and Access Management (IAM): Benefits and Best Practices 
byVeritis Group, Inc
 
Microsoft Purview
byMohammed Chaaraoui
 
Azure Sentinel
byKumton Suttiraksiri
 
SOC: Use cases and are we asking the right questions?
byJonathan Sinclair
 
IBM Infosphere Guardium - Database Security
byebuc
 
Search Inform DLP
bySergei Yavchenko
 
Вопросы для интервью ISO 27001
byIvan Piskunov
 
Microsoft Azure Sentinel
byBGA Cyber Security
 
Cyber Security Layers - Defense in Depth
byMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
The Zero Trust Model of Information Security
byTripwire
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
byAlbert Hoitingh
 
Identity and Access Management 101
byJerod Brennen
 
Security Code Review 101
byPaul Ionescu
 
Share point における id管理と認証・認可
byNaohiro Fujie
 
Veeam Backup for Office 365
byIngram Micro
 
Google Dorks
byAndrea D'Ubaldo
 

Similar to Cybersecurity framework v1-1_presentation

PDF
NIST cybersecurity framework
byShriya Rai
 
PDF
NIST Cybersecurity Framework 101
byErick Kish, U.S. Commercial Service
 
PDF
From NIST CSF 1.1 to 2.0.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
PPTX
NIST Cybersecurity Framework (CSF) on the Public Cloud
byCloudHesive
 
PPTX
framework-version-1.1-overview-20180427-for-web-002.pptx
byAshishRanjan546644
 
PPTX
NIST Cybersecurity Framework presentatio
bywasayak124
 
PPTX
DOC-20250530-WA0008.pptx.................
bysalmannawaz6566504
 
PPTX
update process framework 2315290857359817538
byJoanAlba10
 
PDF
NIST critical_infrastructure_cybersecurity.pdf
byssuserb3094b
 
PPTX
framework_update_report-yer20170301.pptx
byMuhammadAbdullah311866
 
PDF
Framework for Improving Critical Infrastructure Cybersecurity - Nist.cswp.041...
byAT-NET Services, Inc. - Charleston Division
 
DOCX
Framework for Improving Critical Infrastructure Cyber.docx
bybudbarber38650
 
PDF
Improving Cyber Readiness with the NIST Cybersecurity Framework
byWilliam McBorrough
 
PPTX
cybersecurity_framework_webinar_2017.pptx
byMuhammadAbdullah311866
 
DOCX
Elements of Music #1 Handout1. Rhythm the flow of music in te.docx
byjack60216
 
DOCX
Elements of Music #1 Handout1. Rhythm the flow of music in te.docx
bytoltonkendal
 
DOCX
D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T
byOllieShoresna
 
PPTX
history_and_development.pptx
byMarcosCristianMungua
 
DOCX
Analyze1. Foreign Stocka. Samsung Electronics LTD. (Korean St.docx
byjustine1simpson78276
 
PPT
What CIOs and CFOs Need to Know About Cyber Security
byPhil Agcaoili
 
NIST cybersecurity framework
byShriya Rai
 
NIST Cybersecurity Framework 101
byErick Kish, U.S. Commercial Service
 
From NIST CSF 1.1 to 2.0.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
NIST Cybersecurity Framework (CSF) on the Public Cloud
byCloudHesive
 
framework-version-1.1-overview-20180427-for-web-002.pptx
byAshishRanjan546644
 
NIST Cybersecurity Framework presentatio
bywasayak124
 
DOC-20250530-WA0008.pptx.................
bysalmannawaz6566504
 
update process framework 2315290857359817538
byJoanAlba10
 
NIST critical_infrastructure_cybersecurity.pdf
byssuserb3094b
 
framework_update_report-yer20170301.pptx
byMuhammadAbdullah311866
 
Framework for Improving Critical Infrastructure Cybersecurity - Nist.cswp.041...
byAT-NET Services, Inc. - Charleston Division
 
Framework for Improving Critical Infrastructure Cyber.docx
bybudbarber38650
 
Improving Cyber Readiness with the NIST Cybersecurity Framework
byWilliam McBorrough
 
cybersecurity_framework_webinar_2017.pptx
byMuhammadAbdullah311866
 
Elements of Music #1 Handout1. Rhythm the flow of music in te.docx
byjack60216
 
Elements of Music #1 Handout1. Rhythm the flow of music in te.docx
bytoltonkendal
 
D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T
byOllieShoresna
 
history_and_development.pptx
byMarcosCristianMungua
 
Analyze1. Foreign Stocka. Samsung Electronics LTD. (Korean St.docx
byjustine1simpson78276
 
What CIOs and CFOs Need to Know About Cyber Security
byPhil Agcaoili
 

Recently uploaded

PPTX
Enhancing Web Security: Key Concepts & Strategies.pptx
byParham Abolghasemi
 
PDF
Cybersecurity in ASEAN and Singapore Columbia SIPA 2025.pdf
byBenjamin Ang
 
PPTX
Governance, Deployment & Methodologies for Agentic Automation [2/3]
bysuhanisingh58689
 
PPTX
Odoo_by_Infinys_All_in_One_Business_Solution_for_Small_Companies.pptx
byAgusto Sipahutar
 
PDF
Unveiling the Basics of Agentic AI - OSUG Mumbai
bythesubuiyer
 
PPTX
Expanding Your Toolbox: Beginners Guide to Controlling Kubernetes Logs
byEric D. Schabell
 
PDF
#MakeAIMatter for HR Professionals | AI Transformation Workshop by Tekdi Tech...
byParth Lawate
 
PPTX
Career Blueprint - Future Career Vision & Success Stories - 2025 - Part 1
byDianaGray10
 
PPTX
Getting Started with MSP360 Backup for M365/Google
byMSP360
 
PDF
Sylvester Konadu Worcester MA - An Accomplished IT Analyst
bySylvester Konadu Worcester
 
PPTX
AI and Linux in 2025 - Jay LaCroix, Learn Linux TV
byAll Things Open
 
PDF
Career Blueprint: Mentor Tracks & Career Clinic - Part 2
byDianaGray10
 
PDF
Manage Networking in RHEL - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
PDF
Getting started with Agent Framework.pdf
byNilesh Gule
 
PDF
Manage Files Using CLI - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Create, View and Edit Text Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Access Linux File System in RHEL - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Install and Update Software - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Configure and Secure SSH - RHCSA (RH124).pdf
byLinuxCert Guru
 
Enhancing Web Security: Key Concepts & Strategies.pptx
byParham Abolghasemi
 
Cybersecurity in ASEAN and Singapore Columbia SIPA 2025.pdf
byBenjamin Ang
 
Governance, Deployment & Methodologies for Agentic Automation [2/3]
bysuhanisingh58689
 
Odoo_by_Infinys_All_in_One_Business_Solution_for_Small_Companies.pptx
byAgusto Sipahutar
 
Unveiling the Basics of Agentic AI - OSUG Mumbai
bythesubuiyer
 
Expanding Your Toolbox: Beginners Guide to Controlling Kubernetes Logs
byEric D. Schabell
 
#MakeAIMatter for HR Professionals | AI Transformation Workshop by Tekdi Tech...
byParth Lawate
 
Career Blueprint - Future Career Vision & Success Stories - 2025 - Part 1
byDianaGray10
 
Getting Started with MSP360 Backup for M365/Google
byMSP360
 
Sylvester Konadu Worcester MA - An Accomplished IT Analyst
bySylvester Konadu Worcester
 
AI and Linux in 2025 - Jay LaCroix, Learn Linux TV
byAll Things Open
 
Career Blueprint: Mentor Tracks & Career Clinic - Part 2
byDianaGray10
 
Manage Networking in RHEL - RHCSA (RH124).pdf
byLinuxCert Guru
 
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
Getting started with Agent Framework.pdf
byNilesh Gule
 
Manage Files Using CLI - RHCSA (RH124).pdf
byLinuxCert Guru
 
Create, View and Edit Text Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
Access Linux File System in RHEL - RHCSA (RH124).pdf
byLinuxCert Guru
 
Install and Update Software - RHCSA (RH124).pdf
byLinuxCert Guru
 
Configure and Secure SSH - RHCSA (RH124).pdf
byLinuxCert Guru
 
In this document
Powered by AI

Introduction to the Cybersecurity Framework Version 1.1, established in October 2019.

Historical milestones leading to the Cybersecurity Framework, including key executive orders from 2013, 2014, and 2017.

Overview of three primary components: Core, Profiles, Implementation Tiers, focused on risk management and organizational objectives.

Attributes of the framework ensuring it is adaptable, risk-based, and guided by diverse perspectives.

Details on the Framework Core functions: Identify, Protect, Detect, Respond, and Recover, which establish a common language.

Explanation of the connected path of framework outcomes, including 5 functions, 23 categories, and 108 subcategories.

Description of the four implementation tiers: Partial, Risk Informed, Repeatable, Adaptive, for measuring cybersecurity maturity.

Updates in Version 1.1 including supply chain cybersecurity guidance and enhancements for self-assessment.

Global adoption of the Cybersecurity Framework with translations and adaptations worldwide.

Available resources related to the cybersecurity framework, including sector-specific profiles.

Highlighting examples of organizations like University of Chicago and Japan’s Forum using the Cybersecurity Framework.

Contact information and resources for staying in touch with NIST Cybersecurity Framework initiatives.

Cybersecurity framework v1-1_presentation

  • 1.
  • 2.
    Cybersecurity Framework History •February 2013 - Executive Order 13636: Improving Critical Infrastructure Cybersecurity • December 2014 - Cybersecurity Enhancement Act of 2014 (P.L. 113-274) • May 2017 - Executive Order 13800: Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
  • 3.
    The Cybersecurity Framework ThreePrimary Components Core Desired cybersecurity outcomes organized in a hierarchy and aligned to more detailed guidance and controls Profiles Alignment of an organization’s requirements and objectives, risk appetite and resources using the desired outcomes of the Framework Core Implementation Tiers A qualitative measure of organizational cybersecurity risk management practices
  • 4.
    • Common andaccessible language • Adaptable to many technologies, lifecycle phases, sectors and uses • Risk-based • Based on international standards • Living document • Guided by many perspectives – private sector, academia, public sector Key Framework Attributes Principles of Current and Future Versions of the Framework
  • 5.
    The Framework Core Establishesa Common Language • Describes desired outcomes • Understandable by everyone • Applies to any type of risk management • Defines the entire breadth of cybersecurity • Spans both prevention and reaction Function Identify Protect Detect Respond Recover
  • 6.
    An Excerpt fromthe Framework Core The Connected Path of Framework Outcomes 5 Functions 23 Categories 108 Subcategories 6 Informative References
  • 7.
    Implementation Tiers The CybersecurityFramework Version 1.1 1 2 3 4 Partial Risk Informed Repeatable Adaptive Risk Management Process The functionality and repeatability of cybersecurity risk management Integrated Risk Management Program The extent to which cybersecurity is considered in broader risk management decisions External Participation The degree to which the organization: • monitors and manages supply chain risk1.1 • benefits my sharing or receiving information from outside parties
  • 8.
    Framework Update The CybersecurityFramework Version 1.1 • Applicability for all system lifecycle phases • Enhanced guidance for managing cybersecurity within supply chains and for buying decisions • New guidance for self-assessment • Better accounts for Authorization, Authentication, and Identity Proofing • Incorporates emerging vulnerability information (a.k.a., Coordinated Vulnerability Disclosure) • Administratively updates the Informative References
  • 9.
    International Use Translations, Adaptations,and Other References World-Wide
  • 10.
    Sample Resources www.nist.gov/cyberframework/framework-resources Financial ServicesProfile Financial Services Sector Specific Cybersecurity “Profile” Manufacturing Profile NIST Discrete Manufacturing Cybersecurity Framework Profile Maritime Profile Bulk Liquid Transport Profile
  • 11.
    Success Stories https://www.nist.gov/cyberframework/success-stories University ofChicago Biological Sciences Division Japan’s Cross-Sector Forum ISACA University of Pittsburgh University of Kansas Medical Center Multi-State Information Sharing & Analysis Center
  • 12.