Welcome to Colorado Springs - WordPress.com · 2019. 8. 5. · Security Continuous Monitoring (DE.CM) Detection Processes (DE.DP) Response Planning (RS.RP) Communications (RS.CO)

Welcome to Colorado Springs

1

Compliance vs. Cybersecurity

2

3

• How many remember the massivecomputers in the huge computer rooms?– What were the advantages?– What were the disadvantages?

4

Chat about one solution

• National Institute of Standards andTechnology (NIST)– U.S. Department of Commerce

• Cybersecurity Framework– https://www.nist.gov/cyberframework

What has NIST provided?

5

• Identify• Protect• Detect• Respond• Recover

Framework Functions

6

Categories within Functions

7

• Isn’t that just like IT folks, wanting to useacronyms everywhere!?!?!?!

Do Not Panic!!!

8


9

• The data, personnel, devices, systems,and facilities that enable an organizationto achieve business purposes areidentified and managed consistent withtheir relative importance to businessobjectives and the organization’s riskstrategy.

ID.AM

10


11

• Analysis is conducted to ensureadequate response and support recoveryactivities.

RS.AN

12


13

• Detection processes and procedures aremaintained and tested to ensure timelyand adequate awareness of anomalousevents.

DE.DP

14


15

• Recovery planning and processes areimproved by incorporating lessonslearned into future activities.

RC.IM

16

Where does one go from here?

17

Questions

18

[email protected]

Documents

Welcome to Colorado Springs - WordPress.com · 2019. 8. 5. · Security Continuous Monitoring (DE.CM) Detection Processes (DE.DP) Response Planning (RS.RP) Communications (RS.CO)