it itd d cy cyber ber secu curi rity ty the nist
play

IT ITD D Cy Cyber ber Secu curi rity ty The NIST Framework - PowerPoint PPT Presentation

May 16, 2023 •218 likes •336 views

IT ITD D Cy Cyber ber Secu curi rity ty The NIST Framework High Value for ITS Shannon Barnes, CIO Craig Schumacher, CISO Idaho Transportation Department September 2015 NIST Cybersecurity Framework National Institute of Standards

  1. IT ITD D Cy Cyber ber Secu curi rity ty The NIST Framework High Value for ITS Shannon Barnes, CIO Craig Schumacher, CISO Idaho Transportation Department September 2015

  2. NIST Cybersecurity Framework  National Institute of Standards (nist.gov)  Published in February 2014 - a collection of standards, guidelines and practices for reducing cyber risks to critical infrastructure  Industry and private sector partnership  Website http://www.nist.gov/cyberframework 2

  3. Why use NIST Framework  Helps to better understand, manage, and reduce cybersecurity risks.  Determine which activities are most important to assure critical operations and service delivery.  Prioritize investments and maximize the impact of each dollar spent on cybersecurity.  Show executives in a objective quantitative manner the status of the program and where improvements are needed. 3

  4. NIST Framework Details Functions organize basic cybersecurity activities at their highest level  Identify , Protect , Detect , Respond , and Recover  Functions aid ITD in managing risk by:  Organizing information  Enabling risk management decisions  Addressing threats  Show the impact of investments in cybersecurity. 4

  5. Putting the Functions in Perspective 5

  6. NIST Framework Details  Functions  Categories - groups of cybersecurity outcomes closely tied to programmatic needs  Subcategories - specific outcomes of technical and/or management activities  Controls - illustrate a method to achieve the outcomes  Rated by Tiers 6

  7. How did we measure our progress  Developed a matrix (Excel spreadsheet) to evaluate the framework by Sub Category by Tier  Baselined (took an informed guess) at where we were on the framework  Set (aggressive) goals on where we think we should be in 3 to 5 years  Created a method of scoring the NIST by numeric value of the Tier (0 through 4) by Sub Category. 7

  8. Visual Management – Key to Success Create a baseline, set goals, evaluate progress routinely and communicate progress and risks ITD NIST Cyber Security Functions and Goals Quarterly - FY 2015 Adaptive Repeatable Quarter 1 Risk Quarter 2 Informed Quarter 3 Quarter 4 Partial ITD Goal Nothing Identify Protect Detect Respond Recover 8

  9. Lessons Learned  Team was focused on improving areas we were already strong in, not on the things we were weak.  Our baseline was fairly optimistic.  Some scores dropped because we gained a better understanding of what was needed and what we were doing. 9

  10. ITS Opportunities  Identify ID.RA-1  Protect PR.AC-1, PR.AC-2, PR.AC-3, PR.AC-5, PR.AT-3, PR.DS-3, PR.IP-3, PR.MA-1, PR.MA-2, PR.PT-3, PR.PT-4  Detect DE.AE-2, DE.AE-2, DE.CM-2, DE.CM- 7,DE.CM-8, DE.DP-2, DE.DP-3 10

  11. Questions? Email: Craig.Schumacher@itd.idaho.gov NIST: http://www.nist.gov/cyberframework/ 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Leveragi aging g Physi sics cs for or Se Secu curi rity: Micro ro-PM PMUs Us Anna

Leveragi aging g Physi sics cs for or Se Secu curi rity: Micro ro-PM PMUs Us Anna

Leveragi aging g Physi sics cs for or Se Secu curi rity: Micro ro-PM PMUs Us Anna Scaglione, Arizona State University Funded by the U.S. Department of Energy and the U.S. Department of Homeland Security | cred-c.org 1 Contents

268 views • 22 slides
Smal allsa sat Cyber ber Secu ecuri rity ty IQM Research Institute September 25, 25, 2018

Smal allsa sat Cyber ber Secu ecuri rity ty IQM Research Institute September 25, 25, 2018

Smal allsa sat Cyber ber Secu ecuri rity ty IQM Research Institute September 25, 25, 2018 2018 24 Frank Lloyd Wright Drive Michigan A Aerospace M e Manufactures es A Association Space S e Symposium Ann Arbor, Michigan 48106 IQM

231 views • 11 slides
CO CO 447 CO COURSE INTRODUCTION SE SECU CURIT RITY P PROP OPER ERTIE IES SE SECU

CO CO 447 CO COURSE INTRODUCTION SE SECU CURIT RITY P PROP OPER ERTIE IES SE SECU

CO CO 447 CO COURSE INTRODUCTION SE SECU CURIT RITY P PROP OPER ERTIE IES SE SECU CURE D RE DESIG SIGN Dr. Ben Livshits Hi High-Le Level el Course e Lo Logistics cs 2 https://co447.doc.ic.ac.uk/ Cou Course Log ogistics

984 views • 25 slides
ADDRESSING FOOD INSECU CURI RITY IN A A HE HEALTH CAR ARE SETTING G Katy Davis Community

ADDRESSING FOOD INSECU CURI RITY IN A A HE HEALTH CAR ARE SETTING G Katy Davis Community

ADDRESSING FOOD INSECU CURI RITY IN A A HE HEALTH CAR ARE SETTING G Katy Davis Community Health Initiatives Director Hunger Free Vermont October 2, 2019 CC Image courtesy of Juhan Sonin on Flickr Please let us know if either of

321 views • 6 slides
Secu ecurity rity of EV f EV-charging charging Erik Poll Radboud University Nijmegen C-DAX

Secu ecurity rity of EV f EV-charging charging Erik Poll Radboud University Nijmegen C-DAX

Secu ecurity rity of EV f EV-charging charging Erik Poll Radboud University Nijmegen C-DAX is funded by the European Union's Seventh Framework Programme (FP7-ICT-2011-8) under grant agreement n 318708 EV EV ch char arging: ging: th

434 views • 19 slides
County Court Assistants Training Conference Practical Appl pplication o n of Sen enate B Bill

County Court Assistants Training Conference Practical Appl pplication o n of Sen enate B Bill

County Court Assistants Training Conference Practical Appl pplication o n of Sen enate B Bill ill 42; 2; The I Impact and C nd Cha hallen enges s of Providing g Cou ourt rt S Secu curi rity y By: Thomas Kerss, Senior LE

418 views • 22 slides
Ge Gender er St Stra rate tegy gy and Ac Acti tion on Plan an for or Nati tional onal

Ge Gender er St Stra rate tegy gy and Ac Acti tion on Plan an for or Nati tional onal

Ge Gender er St Stra rate tegy gy and Ac Acti tion on Plan an for or Nati tional onal Soc ocial al Secu curi rity ty Str trate tegy gy of of Ba Banglad ngladesh esh Fer erdousi ousi Su Sult ltana a Beg egum um 23

328 views • 19 slides
TH THE WEAKEST ST LINK IN CY CYBER ER SECU SECURITY TY 1 Introduction In Ren Sloos

TH THE WEAKEST ST LINK IN CY CYBER ER SECU SECURITY TY 1 Introduction In Ren Sloos

11/4/19 TH THE WEAKEST ST LINK IN CY CYBER ER SECU SECURITY TY 1 Introduction In Ren Sloos - MCT, MCSE, CNE, CSSA Technical Account Manager at Bulletproof IT Managed Service Provider for ~70 organizations Municipalities

67 views • 6 slides
BF BFA 2017 Wave velet tra ransf sforma rmation c 0 , c 1 , c 2 , c 3 , c 4 , c 5 , c 6 , c 7

BF BFA 2017 Wave velet tra ransf sforma rmation c 0 , c 1 , c 2 , c 3 , c 4 , c 5 , c 6 , c 7

Wave velet tra ransf sforma rmation and its s applica cation in informa rmation secu se curi rity Al Alla Levi vina BF BFA 2017 Wave velet tra ransf sforma rmation c 0 , c 1 , c 2 , c 3 , c 4 , c 5 , c 6 , c 7 , . . . , c 2L

472 views • 35 slides
Designing, Building and Managing a Cyber Security Program Based on the NIST Cybersecurity

Designing, Building and Managing a Cyber Security Program Based on the NIST Cybersecurity

Designing, Building and Managing a Cyber Security Program Based on the NIST Cybersecurity Framework (NIST CSF) A Business Case Agenda and Objectives The Digital Innovation Economy The Cyber Security Problem The Cyber Security Solution

260 views • 22 slides
CHIPSEC IPSEC Platform Security Assessment Framework https://github.com/chipsec/chipsec

CHIPSEC IPSEC Platform Security Assessment Framework https://github.com/chipsec/chipsec

CHIPSEC IPSEC Platform Security Assessment Framework https://github.com/chipsec/chipsec @CHIPSEC Wha What is is Pl Platform rm Se Secu curi rity? ty? Hardware Implementation and Configuration Available Security Features

695 views • 20 slides
Web App Log Analytics www.roykim.ca roy@roykim.ca Op Open Web Applica cation tion Secu

Web App Log Analytics www.roykim.ca roy@roykim.ca Op Open Web Applica cation tion Secu

August 21, 2019 Web App Log Analytics www.roykim.ca roy@roykim.ca Op Open Web Applica cation tion Secu curity rity Project ject OWASP ModSecurity Core Rule Set (CRS) OWASP Top 10 Most Critical Web Application Security Risks

490 views • 21 slides
rpliA Implantable Medical Devices Cyber Risks and Mitigation Approaches NIST Cyber Physical

rpliA Implantable Medical Devices Cyber Risks and Mitigation Approaches NIST Cyber Physical

rpliA Implantable Medical Devices Cyber Risks and Mitigation Approaches NIST Cyber Physical Systems Workshop April 23-24, 2012 Dr. Sarbari Gupta, CISSP, CISA sarbari@electrosoft-inc.com; 703-437-9451 ext 12 Agenda Overview of IMDs

553 views • 28 slides
IOT AND SMART CITIES Sokwoo Rhee Associate Director of Cyber-Physical Systems Program National

IOT AND SMART CITIES Sokwoo Rhee Associate Director of Cyber-Physical Systems Program National

NIST IOT AND SMART CITIES Sokwoo Rhee Associate Director of Cyber-Physical Systems Program National Institute of Standards and Technology (NIST) US Department of Commerce NIST Integrated, hybrid networks of cyber and engineered physical

361 views • 25 slides
Opening Remarks Cybersecurity in Cyber-Physical Systems Workshop hosted by NIST Information

Opening Remarks Cybersecurity in Cyber-Physical Systems Workshop hosted by NIST Information

Opening Remarks Cybersecurity in Cyber-Physical Systems Workshop hosted by NIST Information Technology Laboratory April 23-24, 2012 George W. Arnold, Eng.Sc.D. Director, Smart Grid and Cyber-Physical Systems Program Office Engineering

534 views • 12 slides
NIST Information Technology Laboratory (ITL) The Cyber Maryland Showcase Security Automation

NIST Information Technology Laboratory (ITL) The Cyber Maryland Showcase Security Automation

NIST Information Technology Laboratory (ITL) The Cyber Maryland Showcase Security Automation Guidance Tower of Babel Documents Too much Alerts & Web Sites proprietary, Advisories incompatible information Costly

93 views • 8 slides
NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015 Overview

NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015 Overview

NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015 Overview The University of Pittsburgh NIST Cybersecurity Framework Pitt NIST Cybersecurity Framework Program Wrap Up Questions The

472 views • 33 slides
Eco-Friendly Educational Hub. Excellent Campus with Academic Ambience

Eco-Friendly Educational Hub. Excellent Campus with Academic Ambience

Eco-Friendly Educational Hub. Excellent Campus with Academic Ambience Excellent Academic Results Free Branded Laptop and Cell Phone 24x7 Dedicated Internet Leased Line. Fully Air-conditioned Class Rooms for

431 views • 42 slides
MGX CEO Presentation 23 March 2018 Disclaimer This Document is Confidential and may not be

MGX CEO Presentation 23 March 2018 Disclaimer This Document is Confidential and may not be

General Meeting MGX CEO Presentation 23 March 2018 Disclaimer This Document is Confidential and may not be reproduced, redistributed or passed on, directly or indirectly, to any other person, or published, in whole or in part, for any purpose

390 views • 13 slides
Corporate Presentation August 30, 2020 TSX: ZENA Disclaimers IMPORTANT: YOU MUST READ THE

Corporate Presentation August 30, 2020 TSX: ZENA Disclaimers IMPORTANT: YOU MUST READ THE

Corporate Presentation August 30, 2020 TSX: ZENA Disclaimers IMPORTANT: YOU MUST READ THE FOLLOWING BEFORE CONTINUING . The information contained in this document has been prepared by Zenabis Global Inc. ( Zenabis or the Company) .

795 views • 31 slides
Cybersecurity Requirements for Federal Contracts Seminar 8/9/17, 9- noon Time Topic Speaker

Cybersecurity Requirements for Federal Contracts Seminar 8/9/17, 9- noon Time Topic Speaker

Cybersecurity Requirements for Federal Contracts Seminar 8/9/17, 9- noon Time Topic Speaker 9-9:30 Arrival and Breakfast - 9:30 Welcome Don Pital, Manager GaMEP Don.pital@innovate.gatech.edu 9:35-9:55 Ga Sponsor Introductions Karen

782 views • 39 slides
The VVSG Version 1.1 Overview John P. Wack john.wack@nist.gov NIST Voting Program National

The VVSG Version 1.1 Overview John P. Wack john.wack@nist.gov NIST Voting Program National

The VVSG Version 1.1 Overview John P. Wack john.wack@nist.gov NIST Voting Program National Institute of Standards and Technology Overview Background and issues Selection criteria for ported material Overview of the ported material

535 views • 15 slides
Using&Risk&Management&to&Improve& Privacy&in&Informa7on&Systems 1

Using&Risk&Management&to&Improve& Privacy&in&Informa7on&Systems 1

Using&Risk&Management&to&Improve& Privacy&in&Informa7on&Systems 1 Poten7al&Problems&for&Individuals Loss&of&Autonomy Exclusion Loss&of&Self& Loss&of&Liberty

538 views • 19 slides
NIST Trustworthy Email Project High Assurance Domain Project Scott Rose, NIST scottr@nist.gov

NIST Trustworthy Email Project High Assurance Domain Project Scott Rose, NIST scottr@nist.gov

NIST Trustworthy Email Project High Assurance Domain Project Scott Rose, NIST scottr@nist.gov ICANN Meeting Oct. 15 th , 2014 Los Angeles CA First, A Bit of History 2011 USG DNSSEC Tiger Team has a 2 nd goal: authenticated email

308 views • 4 slides

More recommend