The Cybersecurity Framework Version 1.1 October 2019.

Slides:

Advertisements

Présentations similaires

Échanger connaissances et techniques sur les routes et le transport routier 1 The PIARC Website.

Advertisements

Cours MIAGE « Urbanisation des Systèmes dInformation » Henry Boccon-Gibod 1 Urbanisation de Système d'Information L'approche Togaf © 2008 The Open Group.

Defence R&D Canada R et D pour la défense Canada Novel Concepts for the COP of the Future Denis Gouin Alexandre Bergeron-Guyard DRDC Valcartier.

Les attentes de l’AFCN et Bel V dans le domaine de la culture de sûreté Manfred Schrauben - AFCN Henri Drymael - Bel V.

Regional Preparatory Meeting Kigali Key messages from session 5 “ Enhancing results by applying the Paris Declaration at sector level ” Messages clés de.

Crédits photos : CampusFrance © Ministère des Affaires étrangères et européennes Co-funded Scholarship Programmes.

Conflict of Interest Declaration I have/had an affiliation (financial or otherwise) with a commercial organization within the past two years Financial.

Mise à jour Processus d’agrément. Nouvelles règles  Information sur les programmes recueillie aux 2 ans  réel processus d’amélioration continue de la.

SECURITY OF SUPPLY Georges Bouchard GDF SUEZ European Gas Forum 2010 – Madrid, 19th February 2010.

UNOCI SSR Strategy 10 July 2013 UNOCI UNITED NATIONS United Nations Operation in Côte d’Ivoire NATIONS UNIES Opération des Nations Unies en Côte d’Ivoire.

1 Case Study 1: UNIX and LINUX Chapter History of unix 10.2 Overview of unix 10.3 Processes in unix 10.4 Memory management in unix 10.5 Input/output.

Electronic Instrumentation Lecturer Touseef Yaqoob1 Sensors and Instrumentation Sensors and Instrumentation.

IP Multicast Text available on

1 ISO/TC 176/SC 2/N1282 ISO 9001:2008 to ISO 9001:2015 Summary of Changes.

From Implementing Cisco IP Routing (ROUTE) Foundation Learning Guide by Diane Teare, Bob Vachon and Rick Graziani ( ) Copyright © 2015 Cisco Systems,

UNEP / ICCA Workshop TEMA June DG and GHS Classification System.

Subject: CMS(Content Management System) Université Alioune DIOP de Bambey UFR Sciences Appliquées et Technologies de l’Information et de la Communication.

Project Management 1. What is Project Management.

Strategy and Organization (STOR)

Cadre intégré de classification de la sécurité alimentaire (IPC)

a Council of Europe update for the

Reference Document Document de référence

IGTMD réunion du 4 Mai 2007 CC IN2P3 Lyon

Draft Treasury Board of Canada Secretariat

Indirect Object Pronouns

L’architecture de l’information

Conjugating regular –er verbs en français

Resource Mobilization

Skills development: for whom and for what?

Data Driven Decision Making Workshop Sept , Kigali, Rwanda

About INTEGRA The Integrated community, probation and prison services radicalisation prevention approach strives to improve the transition process between.

- 20/02/ TTM key success factor 1 : Work in a project team …. So we must work in a team ! Mark & sales Technology NTW, IT & Device Implementation.

REVISED JUDGING CRITERION: UNDERSTANDING LIVELIHOODS.

French: Leaving Certificate Options

P&ID SYMBOLS. P&IDs Piping and Instrumentation Diagrams or simply P&IDs are the “schematics” used in the field of instrumentation and control (Automation)

1 ISO/TC 176/SC 2/N1219 ISO 9001:2015 Revision overview - General users July 2014.

Basic Business Statistics, 10e © 2006 Prentice-Hall, Inc. Chap 1-1 Chapter 1 Introduction and Data Collection Basic Business Statistics 10 th Edition.

G. Peter Zhang Neurocomputing 50 (2003) 159–175 link Time series forecasting using a hybrid ARIMA and neural network model Presented by Trent Goughnour.

High-Availability Linux Services And Newtork Administration Bourbita Mahdi 2016.

Restoration efforts required for achieving the objectives of the Birds and Habitats Directives Expert Group on Reporting under the Nature Directives –

Buddy Program AEGEE-Alicante

NOUS SOMMES UNIS The Forum was established as a collective in 2010 at the same time that the Task Force on Financial Literacy issued their report. We.

Forum national sur l’IMT de 2004.

Definition Division of labour (or specialisation) takes place when a worker specialises in producing a good or a part of a good.

Standards Certification Education & Training Publishing Conferences & Exhibits Automation Connections ISA EXPO 2006 Wed, 1:00 Oct 18.

By:- Israr K. Raja Islamabad, Pakistan. Supply Chain Activities those Affect the Financial Performance Supply chain managers make decisions and use organizational.

Vulnerability Analysis by : Wail Belhouchet Dr Djouad Tarek 1.

BRMS Implementation Status Update Template designed by 18-July-2015.

Emerging Threats Program Text The Emerging Pandemic Threats Program.

Presented by :  Hanane abou El hourouf  Fatima bouloudinat  Hanane Ezzaghmouti  Safaa legnaoui Under guidance:  Mr.Bouhandi.

By : HOUSNA hebbaz Computer NetWork. Plane What is Computer Network? Type of Network Protocols Topology.

William De Angelis EU Cybersecurity strategy N.I.S. Directive C.I.L.E. compliance guidance.

BIENVENUE. Sommaire Maison Intelligente La Domotique ? Qu'est ce que c'est la domotique ? Détails et exemple Ma partie dans ce projet Détails de mon projet.

MESURE DE RESULTATS DES IRR

GBSN 2018 Annual Conference Contingency Factors of Corporate Entrepreneurship in Traditional and Modern Sectors: The Case of Morocco Brahim Allali, PhD.

Ftpworldwide-Company FTP Worldwide has a simple, secure and flexible solution for your managed file transfer and file sharing needs. Unlike many of our.

1 ISO/TC 176/SC 2/WG23 N062 ISO 9001:2015 Revision Overview August 2013.

Laboratory Information Management Systems (LIMS) Lindy A. Brigham Div of Plant Pathology and Microbiology Department of Plant Sciences PLS 595D Regulatory.

3rd February, 2016 Alstom Controlling. © ALSTOM All rights reserved. Information contained in this document is indicative only. No representation.

Soutenance de thèse: Okba Taouali 1 02/08/2019 Fathia AZZOUZI, Adam BOURAS, Nizar JEBLI Conceptual specifications of a cooperative inter- machines dialogue.

CRA HR Modernization Journey

Dematerialization and use of social networks in public administrations: Emergence of Citizen Relationship Management (CiRM) in Morocco EL YACHIOUI Maryam.

Insights on V2X Technology ARCHI - Symposium Applied Research on Charging Infrastructure 24th January, Amsterdam Sara González Villafranca.

WE EMPOWER A Programme by UN WOMEN, the European Union and the International Labour Organization Un programme de l’ONU Femmes, l’Union Européenne et l’Organisation.

Revenue Planning SAP Best Practices. ©2013 SAP AG. All rights reserved.2 Purpose, Benefits, and Key Process Steps Purpose  Plan the revenue and the costs.

M’SILA University Information Communication Sciences and technology

Transcription de la présentation:

The Cybersecurity Framework Version 1.1 October 2019

Cybersecurity Framework History February Executive Order 13636: Improving Critical Infrastructure Cybersecurity December Cybersecurity Enhancement Act of 2014 (P.L ) May Executive Order 13800: Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

The Cybersecurity Framework Three Primary Components Core Desired cybersecurity outcomes organized in a hierarchy and aligned to more detailed guidance and controls Profiles Alignment of an organization’s requirements and objectives, risk appetite and resources using the desired outcomes of the Framework Core Implementation Tiers A qualitative measure of organizational cybersecurity risk management practices

Common and accessible language Adaptable to many technologies, lifecycle phases, sectors and uses Risk-based Based on international standards Living document Guided by many perspectives – private sector, academia, public sector Key Framework Attributes Principles of Current and Future Versions of the Framework

The Framework Core Establishes a Common Language Describes desired outcomes Understandable by everyone Applies to any type of risk management Defines the entire breadth of cybersecurity Spans both prevention and reaction Function Identify Protect Detect Respond Recover

An Excerpt from the Framework Core The Connected Path of Framework Outcomes 5 Functions23 Categories108 Subcategories6 Informative References

Implementation Tiers The Cybersecurity Framework Version PartialRisk InformedRepeatableAdaptive Risk Management Process The functionality and repeatability of cybersecurity risk management Integrated Risk Management Program The extent to which cybersecurity is considered in broader risk management decisions External Participation The degree to which the organization: monitors and manages supply chain risk 1.1 benefits my sharing or receiving information from outside parties

Framework Update The Cybersecurity Framework Version 1.1 Applicability for all system lifecycle phases Enhanced guidance for managing cybersecurity within supply chains and for buying decisions New guidance for self-assessment Better accounts for Authorization, Authentication, and Identity Proofing Incorporates emerging vulnerability information (a.k.a., Coordinated Vulnerability Disclosure) Administratively updates the Informative References

International Use Translations, Adaptations, and Other References World-Wide

Sample Resources Financial Services Profile Financial Services Sector Specific Cybersecurity “Profile” Manufacturing Profile NIST Discrete Manufacturing Cybersecurity Framework Profile NIST Discrete Manufacturing Cybersecurity Framework Profile Maritime Profile Bulk Liquid Transport Profile

Success Stories University of Chicago Biological Sciences Division Japan’s Cross-Sector Forum ISACA University of Pittsburgh University of Kansas Medical Center Multi-State Information Sharing & Analysis Center

STAYING NCCoE.NIST.govCSRC.NIST.gov