CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training
Agenda
Improving Critical Infrastructure Cybersecurity
Why Cybersecurity Framework?
Types of Cybersecurity Framework
Cybersecurity Framework Components
Steps to Implement Framework
Coordination of Framework Implementation
Improving Critical Infrastructure Cybersecurity
Executive Order 13636
12 February 2013
“It is the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties”
According to the Executive Order, the Framework should:
Align policy, business and technological approaches to address cyber risks
Provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach
Identify areas for improvement to be addressed through future collaboration
Be consistent with voluntary international standards
Why Cybersecurity Framework?
It results in a shift from compliance to action and specific outcomes
Its Profiles and Implementation Tiers give you a built-in way to gauge your current posture and run a gap analysis, so you do not need a separate assessment model on top of the CSF (note that NIST states the Tiers are not maturity levels)
It gives you a measure of where you are and where you need to go
It can be implemented in stages or degrees, which makes it more appealing to the business
What Is Cybersecurity Framework?
The Framework is voluntary guidance, based on existing standards, guidelines, and practices, for organizations to better manage and reduce cybersecurity risk.
Types of Frameworks
PCI DSS: designed to protect payment card (credit, debit and prepaid card) transactions and the cardholder data behind them.
ISO 27001/27002: best-practice recommendations for information security management systems and the elements of an information security program.
CIS Critical Security Controls: a prioritized set of actions that give specific, actionable ways to stop today’s most pervasive attacks.
NIST Cybersecurity Framework: guidance for improving critical infrastructure cybersecurity that helps an organization manage and reduce its cybersecurity risk by leveraging standard methodologies and processes.
NIST: Most Popular among Frameworks
NIST developed the Framework in response to Presidential Executive Order 13636 (February 2013); version 1.0 was published in February 2014. It was designed:
To address national and economic security challenges
To reduce cyber risks to critical infrastructure
To be voluntary (for the private sector)
To be developed collaboratively with stakeholders
Objectives of the Framework
1. Adaptable, flexible, and scalable
2. Improve the organization’s readiness for managing cybersecurity risk
3. Flexible, repeatable, and performance based
4. Cost-effective
5. Leverage standards, methodologies and processes
6. Promote technology innovation
7. Actionable across the enterprise, with a focus on outcomes
Cybersecurity Framework Components
Framework Core: guides organizations in managing and reducing their cybersecurity risk in a way that complements the organization’s existing cybersecurity and risk management processes. It is organized into Functions, Categories and Subcategories.
Framework Implementation Tiers: describe how cybersecurity risk is managed by an organization and the degree to which its risk management practices exhibit the characteristics defined in the Framework.
Framework Profile: an organization’s unique alignment of its organizational requirements and objectives, and its resources, against the desired outcomes of the Framework Core.
Framework Implementation Tiers
Tier 1: Partial
Tier 2: Risk Informed
Tier 3: Repeatable
Tier 4: Adaptive

A Tier is assessed along three dimensions:
Risk Management Process: the functionality and repeatability of cybersecurity risk management
Risk Management Program: the extent to which cybersecurity is considered in broader risk management decisions
External Participation: the degree to which the organization benefits by sharing or receiving information from outside parties
Framework Core
The five Functions, each answering one question:
Identify: What processes and assets need protection?
Protect: What safeguards are available?
Detect: What techniques can identify incidents?
Respond: What techniques can contain the impact of incidents?
Recover: What techniques can restore capabilities?
Framework Core: Identify

Function   Category                                       ID
Identify   Asset Management                               ID.AM
Identify   Business Environment                           ID.BE
Identify   Governance                                     ID.GV
Identify   Risk Assessment                                ID.RA
Identify   Risk Management Strategy                       ID.RM
Protect    Access Control                                 PR.AC
Protect    Awareness and Training                         PR.AT
Protect    Data Security                                  PR.DS
Protect    Information Protection Processes & Procedures  PR.IP
Protect    Maintenance                                    PR.MA
Protect    Protective Technology                          PR.PT
Detect     Anomalies and Events                           DE.AE
Detect     Security Continuous Monitoring                 DE.CM
Detect     Detection Processes                            DE.DP
Respond    Response Planning                              RS.RP
Respond    Communications                                 RS.CO
Respond    Analysis                                       RS.AN
Respond    Mitigation                                     RS.MI
Respond    Improvements                                   RS.IM
Recover    Recovery Planning                              RC.RP
Recover    Improvements                                   RC.IM
Recover    Communications                                 RC.CO

The Identify Function helps develop an organizational understanding of how to manage cybersecurity risk to systems, people, assets, data, and capabilities.
Framework Core: Protect
The Protect Function develops and implements the appropriate safeguards to ensure delivery of critical infrastructure services.
Framework Core: Detect
The Detect Function defines the appropriate activities to identify the occurrence of a cybersecurity event. It enables timely discovery of cybersecurity events.
Framework Core: Respond
The Respond Function develops and implements the appropriate activities to take action on a detected cybersecurity incident. It supports the ability to contain the impact of a potential cybersecurity incident.
Framework Core: Recover
The Recover Function identifies the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
Framework Profile
Profiles can be used to identify opportunities for improving cybersecurity posture by comparing the Current Profile (the “as is” state) with the Target Profile (the “to be” state).
Steps to Implement Framework
Step 1: Prioritize & scope
Step 2: Orient
Step 3: Create a Current Profile
Step 4: Conduct a Risk Assessment
Step 5: Create a Target Profile
Step 6: Determine, analyze & prioritize gaps
Step 7: Implement Action Plan
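The Profile comparison from the previous slide and Steps 3, 5, 6 and 7 above, worked through in code. This is an added example written for this page, not code from the deck, from Edureka or from NIST. It scores each of the 22 Framework Core categories listed above on a 1 to 4 scale named after the Implementation Tiers, which is a simplification I assume here (NIST applies Tiers to the organization as a whole and says they are not maturity levels); the business-impact weights, the priority formula (gap size times impact) and the sample profiles are likewise constructed for illustration.

```python
"""Framework Profile gap analysis over the NIST CSF Framework Core.

Added example (not part of the deck or of NIST's publications). The Current
and Target Profiles below are constructed sample data, and scoring each
category 1-4 with Tier names is an assumed simplification.
"""
from dataclasses import dataclass

# Framework Core categories exactly as listed in the deck: Function -> {ID: name}.
CORE = {
    "Identify": {"ID.AM": "Asset Management", "ID.BE": "Business Environment",
                 "ID.GV": "Governance", "ID.RA": "Risk Assessment",
                 "ID.RM": "Risk Management Strategy"},
    "Protect": {"PR.AC": "Access Control", "PR.AT": "Awareness and Training",
                "PR.DS": "Data Security",
                "PR.IP": "Information Protection Processes & Procedures",
                "PR.MA": "Maintenance", "PR.PT": "Protective Technology"},
    "Detect": {"DE.AE": "Anomalies and Events",
               "DE.CM": "Security Continuous Monitoring",
               "DE.DP": "Detection Processes"},
    "Respond": {"RS.RP": "Response Planning", "RS.CO": "Communications",
                "RS.AN": "Analysis", "RS.MI": "Mitigation", "RS.IM": "Improvements"},
    "Recover": {"RC.RP": "Recovery Planning", "RC.IM": "Improvements",
                "RC.CO": "Communications"},
}
# Implementation Tier names, reused here as an assumed 1-4 scoring scale.
TIERS = {1: "Partial", 2: "Risk Informed", 3: "Repeatable", 4: "Adaptive"}
CATEGORY_IDS = frozenset(cid for cats in CORE.values() for cid in cats)


def function_of(category_id):
    """Map a Category ID (e.g. 'DE.AE') back to its Function."""
    for function, categories in CORE.items():
        if category_id in categories:
            return function
    raise KeyError(f"unknown Framework Core category: {category_id}")


@dataclass(frozen=True)
class Gap:
    category: str
    name: str
    current: int
    target: int
    impact: int  # assumed business-impact weight 1 (low) .. 5 (high), set in Step 1

    @property
    def size(self):
        return self.target - self.current

    @property
    def priority(self):
        # Assumed prioritization rule: larger gaps on higher-impact categories first.
        return self.size * self.impact


def validate_profile(profile):
    """A Profile must score every Core category exactly once, on the 1-4 scale."""
    unknown, missing = set(profile) - CATEGORY_IDS, CATEGORY_IDS - set(profile)
    if unknown or missing:
        raise ValueError(f"unknown={sorted(unknown)} missing={sorted(missing)}")
    out_of_range = {cid: s for cid, s in profile.items() if s not in TIERS}
    if out_of_range:
        raise ValueError(f"scores outside 1-4: {out_of_range}")


def gap_analysis(current, target, impact):
    """Step 6: determine the gaps (Target above Current) and prioritize them."""
    validate_profile(current)
    validate_profile(target)
    gaps = [Gap(cid, CORE[function_of(cid)][cid], current[cid], target[cid], impact.get(cid, 1))
            for cid in CATEGORY_IDS if target[cid] > current[cid]]
    # Highest priority first; ties broken by Category ID so the plan is stable.
    return sorted(gaps, key=lambda g: (-g.priority, g.category))


def over_invested(current, target):
    """Categories where the Target sits below the Current: not gaps, but worth re-examining."""
    validate_profile(current)
    validate_profile(target)
    return sorted(cid for cid in CATEGORY_IDS if target[cid] < current[cid])


def action_plan(gaps):
    """Step 7 input: one human-readable line per prioritized gap."""
    return [f"{g.category} {g.name}: Tier {g.current} ({TIERS[g.current]}) -> "
            f"Tier {g.target} ({TIERS[g.target]}), priority {g.priority}" for g in gaps]


# Constructed sample Profiles (not real assessment data): everything at 2 unless listed.
CURRENT_PROFILE = {cid: 2 for cid in CATEGORY_IDS}
CURRENT_PROFILE.update({"ID.AM": 3, "DE.CM": 1, "RC.RP": 1, "RS.CO": 3})
TARGET_PROFILE = {cid: 2 for cid in CATEGORY_IDS}
TARGET_PROFILE.update({"ID.AM": 3, "PR.AC": 4, "PR.DS": 3, "DE.CM": 3, "RC.RP": 3})
IMPACT = {"PR.AC": 5, "DE.CM": 4, "RC.RP": 4, "PR.DS": 3}  # assumed weights from Step 1

if __name__ == "__main__":
    for line in action_plan(gap_analysis(CURRENT_PROFILE, TARGET_PROFILE, IMPACT)):
        print(line)
    print("target below current, re-examine:", over_invested(CURRENT_PROFILE, TARGET_PROFILE))
```

With the sample data the plan leads with Access Control (two Tiers short on the highest-impact category), then Security Continuous Monitoring and Recovery Planning, and flags RS.CO, where the Target Profile is set below today's practice, for a second look rather than silently treating it as "done". Validation rejects Profiles that skip a category or use a score outside the scale, which is the usual way a spreadsheet-driven assessment quietly goes wrong.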
Coordination of Framework Implementation
[Figure: coordination of Framework implementation across the organization; labels shown: Risk Management, Implementation]
Copyright © 2018, edureka and/or its affiliates. All rights reserved.