410 likes | 1.81k Views
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **<br>This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks. <br><br>Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
E N D
CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training
Agenda Improving Critical Infrastructure Cybersecurity Why Cybersecurity Framework? Types of Cybersecurity Framework Cybersecurity Framework Components Steps to Implement Framework Coordination of Framework Implementation CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training
Improving Critical Infrastructure Cybersecurity “It is the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties” Executive Order 13636 12 February 2013 CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training
According to the Executive Order… Align policy, business and technological approaches to address cyber risks Prioritized, flexible, repeatable, performance-based, and cost- effective approach Identify areas for improvement to be addressed through future collaboration Be consistent with voluntary international standards CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training
Why Cybersecurity Framework? It Results in a shift from compliance to action and specific outcomes It gives you a measure of where you are and where you need to go It can be implemented in stages or degrees which makes it more appealing to business It has built-in maturity model and gap analysis so you don't need additional maturity model on top of CSF CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training
What Is Cybersecurity Framework? The Framework is voluntary guidance, based on existing guidelines, and practices for organizations to better manage and reduce cybersecurity risk. CYBERSECURITY CERTIFICATION COURSE CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training www.edureka.co/cybersecurity-certification-training
Types of Frameworks NIST Framework Improving critical infrastructure Cybersecurity to improve organization’s risks by leveraging standard methodologies and processes PCI-DSS It is designed to protect credit card, debit card, and cash card transactions ISO 27001/27002 Best practice recommendations for information security management and information security program elements. CIS-Critical Security Controls cyber protection that give noteworthy approaches to stop the present most inescapable attacks CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training
NIST: Most Popular among Frameworks NIST framework was developed in Feb 2013 after US Presidential Executive order To address national and economic security challenges To be voluntary (for private sector) Reduce cyber risks to critical Infrastructure Collaboratively developed with stakeholders CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training
Objectives of the Framework 03 01 05 06 07 02 04 Leverage standards, methodologies and processes Promote technology innovation Actionable across the enterprise- focus on outcomes Adaptable, flexible, and scalable Improve Organization’s readiness for managing cybersecurity risk Flexible, repeatable, and performance based Cost-effective CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training
Cybersecurity Framework Components Are an association’s novel arrangement of their organizational prerequisites and goals, and assets against the coveted results of the Framework Core. Guides associations in overseeing and decreasing their Cybersecurity chances in a way that supplements an association’s current Cybersecurity and risk management processes. Framework Core Framework Profile Framework Implementation Tiers Describes how cybersecurity risk is managed by an organization and degree the risk management practices exhibit key characteristics CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training
Framework Implementation Tiers Tier 4 Adaptive Tier 1 Partial Tier 2 Tier 3 Risk Informed Repeatable The functionality and repeatability of cybersecurity risk management Risk Management Process The extent to which cybersecurity is considered in broader risk management decisions Risk Management Program The degree to which the organization benefits my sharing or receiving information from outside parties External Participation CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training
Framework Core What processes and assets need protection? What safeguards are available? What techniques can identify incidents? What techniques can restore capabilities Respond What techniques can contain impacts on incidents? CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training
Framework Core: Identify Function Category ID Asset Management Business Environment Governance Risk Assessment Risk Management Strategy Access Control Awareness and Training Data Security Information Protection Processes & Procedures Maintenance Protective Technology Anomalies and Events Security Continuous Monitoring Detection Processes Response Planning Communications Analysis Mitigation Improvements Recovery Planning Improvements Communications ID.AM ID.BE ID.GV ID.RA ID.RM PR.AC PR.AT PR.DS PR.IP PR.MA PR.PT DE.AE DE.CM DE.DP RS.RP RS.CO RS.AN RS.MI RS.IM RC.RP RC.IM RC.CO This function helps with building up a hierarchical comprehension in overseeing cybersecurity to frameworks, individuals, resources, information, and capacities Identify Protect Detect Respond Recover CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training
Framework Profiles: Protect Function Category ID Asset Management Business Environment Governance Risk Assessment Risk Management Strategy Access Control Awareness and Training Data Security Information Protection Processes & Procedures Maintenance Protective Technology Anomalies and Events Security Continuous Monitoring Detection Processes Response Planning Communications Analysis Mitigation Improvements Recovery Planning Improvements Communications ID.AM ID.BE ID.GV ID.RA ID.RM PR.AC PR.AT PR.DS PR.IP PR.MA PR.PT DE.AE DE.CM DE.DP RS.RP RS.CO RS.AN RS.MI RS.IM RC.RP RC.IM RC.CO Identify This function develop and implement the appropriate safeguards and controls to ensure delivery of critical infrastructure services Protect Detect Respond Recover CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training
Framework Profiles: Detect Function Category ID Asset Management Business Environment Governance Risk Assessment Risk Management Strategy Access Control Awareness and Training Data Security Information Protection Processes & Procedures Maintenance Protective Technology Anomalies and Events Security Continuous Monitoring Detection Processes Response Planning Communications Analysis Mitigation Improvements Recovery Planning Improvements Communications ID.AM ID.BE ID.GV ID.RA ID.RM PR.AC PR.AT PR.DS PR.IP PR.MA PR.PT DE.AE DE.CM DE.DP RS.RP RS.CO RS.AN RS.MI RS.IM RC.RP RC.IM RC.CO Identify Protect This Function characterizes the fitting exercises to recognize the event of a Cybersecurity occasion. The Detect Function empowers opportune revelation of Cybersecurity occasions. Detect Respond Recover CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training
Framework Profiles: Respond Function Category ID Asset Management Business Environment Governance Risk Assessment Risk Management Strategy Access Control Awareness and Training Data Security Information Protection Processes & Procedures Maintenance Protective Technology Anomalies and Events Security Continuous Monitoring Detection Processes Response Planning Communications Analysis Mitigation Improvements Recovery Planning Improvements Communications ID.AM ID.BE ID.GV ID.RA ID.RM PR.AC PR.AT PR.DS PR.IP PR.MA PR.PT DE.AE DE.CM DE.DP RS.RP RS.CO RS.AN RS.MI RS.IM RC.RP RC.IM RC.CO Identify Protect Detect This Function develop and implement the appropriate activities and controls to identify occurrence of a cybersecurity event. It bolsters the capacity to contain the effect of a potential Cybersecurity occurrence. Respond Recover CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training
Framework Profiles: Recover Function Category ID Asset Management Business Environment Governance Risk Assessment Risk Management Strategy Access Control Awareness and Training Data Security Information Protection Processes & Procedures Maintenance Protective Technology Anomalies and Events Security Continuous Monitoring Detection Processes Response Planning Communications Analysis Mitigation Improvements Recovery Planning Improvements Communications ID.AM ID.BE ID.GV ID.RA ID.RM PR.AC PR.AT PR.DS PR.IP PR.MA PR.PT DE.AE DE.CM DE.DP RS.RP RS.CO RS.AN RS.MI RS.IM RC.RP RC.IM RC.CO Identify Protect Detect Respond The Recover Function distinguishes proper exercises to keep up plans for versatility and to re-establish any abilities or administrations that were impeded because of a Cybersecurity event. Recover CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training
Framework Profile Profiles can be used to identify opportunities for improving Cybersecurity posture by comparing the current profile (“as is” state with the target profile (“to be” state) CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training
Steps to Implement Framework Create a Current Profile Implement Action Plan Create a Target Profile Prioritize & scope Step 6 Step 2 Step 4 Step 1 Step 3 Step 5 Step 7 Orient Conduct a Risk Assessment Determine, analyze & prioritize gaps CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training
Coordination of Framework Implementation Risk Management Implementation CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training
Don’t just learn it, MASTER it with Copyright © 2018, edureka and/or its affiliates. All rights reserved.