Cybersecurity Risk Management:

Similar documents
The NIST Cybersecurity Framework

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity. and Risk Approach

Framework for Improving Critical Infrastructure Cybersecurity

Overview of the Cybersecurity Framework

Views on the Framework for Improving Critical Infrastructure Cybersecurity

THE WHITE HOUSE. Office of the Press Secretary EXECUTIVE ORDER

THE WHITE HOUSE Office of the Press Secretary EXECUTIVE ORDER

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Executive Order & Presidential Policy Directive 21. Ed Goff, Duke Energy Melanie Seader, EEI

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

Erik Puskar Standards Coordination Office 30 May, 2013 World Trade Center Moscow

Updates to the NIST Cybersecurity Framework

Commonwealth Cyber Declaration

NIST Cybersecurity Testbed for Transportation Systems. CheeYee Tang Electronics Engineer National Institute of Standards and Technology

AAPA Smart Ports. Cyber Management for Ports Panel. Small Port Cyber Security Workshops. March 6, 2018

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan

Implementing Executive Order and Presidential Policy Directive 21

The U.S. Government s Role in Standards and Conformity Assessment

Re: McAfee s comments in response to NIST s Solicitation for Comments on Draft 2 of Cybersecurity Framework Version 1.1

NCSF Foundation Certification

Section One of the Order: The Cybersecurity of Federal Networks.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Joint Declaration by G7 ICT Ministers

standards and frameworks and controls oh my! Mike Garcia Senior Advisor for Elections Best Practices

Cyber Security and Cyber Fraud

STRATEGIC PLAN

SAINT PETERSBURG DECLARATION Building Confidence and Security in the Use of ICT to Promote Economic Growth and Prosperity

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

A Controls Factory Approach To Operationalizing a Cyber Security Program Based on the NIST Cybersecurity Framework

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

NIST is part of the Department of Commerce

Cyber Management for Ports Results of Small Port Cyber Security Workshops

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

ENISA EU Threat Landscape

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

UAE National Space Policy Agenda Item 11; LSC April By: Space Policy and Regulations Directory

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

National Cybersecurity Center of Excellence

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

Smart Manufacturing and Standards: The NIST Role

CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS

Cybersecurity Framework Manufacturing Profile

NCSF Foundation Certification

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

American Association of Port Authorities Port Security Seminar & Expo Cyber Security Preparedness and Resiliency in the Marine Environment

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure:

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

THE POWER OF TECH-SAVVY BOARDS:

Information Security Continuous Monitoring (ISCM) Program Evaluation

Department of Homeland Security Customs and Border Protection. Centers of Excellence and Expertise

National Cybersecurity Challenges and NIST. Matthew Scholl Chief Computer Security Division

Using the NIST Framework for Metrics 5/14/2015

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

Professional Training Course - Cybercrime Investigation Body of Knowledge -

National Initiative for Cybersecurity Education

UAE Space Policy Efforts Towards Long Term Sustainability of Space Activities Agenda Item 4; COPUOS June 2017 By: Space Policy and

79th OREGON LEGISLATIVE ASSEMBLY Regular Session. Senate Bill 90

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

Cybersecurity & Privacy Enhancements

Enterprise Risk Management (ERM) and Cybersecurity. Na9onal Science Founda9on March 14, 2018

MEP: A National Resource for Connecting & Assisting Small U.S. Manufacturers with Viable Business Opportunities

The Office of Infrastructure Protection

Global Standards Information. Standards Simulation Training for the USG ICES Workshop. July 6, 2010

Framework for Improving Critical Infrastructure Cybersecurity

Mapping to the National Broadband Plan

A Working Paper of the EastWest Institute Breakthrough Group. Increasing the Global Availability and Use of Secure ICT Products and Services

CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber

Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency

STRATEGIC PLAN. USF Emergency Management

Commonwealth Telecommunications Organisation Proposal for IGF Open Forum 2017

NCCoE TRUSTED CLOUD: A SECURE SOLUTION

THE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS

Department of Homeland Security Updates

FDA & Medical Device Cybersecurity

Department of Homeland Security Customs and Border Protection. Centers of Excellence and Expertise

USE CASE STUDY. Connecting Data Through Mission. Department of Transportation (DOT) A Product of the Federal CIO Council Innovation Committee

National Strategy for CBRNE Standards

United States Coast Guard Office of Port and Facility Compliance (CG-FAC) Cybersecurity and the Marine Transportation System.

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

India s National Policy On. Information Technology. Ajay Sawhney, President & CEO, National egovernance Division, Dept of IT

Opening Doors to Cyber and Homeland Security Careers

Legal and Regulatory Developments for Privacy and Security

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

Mr. Games, Thank you. Kent Landfield McAfee, LLC. [Attachment Copied Below]

Liberia ICT Policy

CHAIR S SUMMARY: G7 ENERGY MINISTERS MEETING

DOWNLOAD OR READ : MANAGING CYBERSECURITY RESOURCES A COST BENEFIT ANALYSIS THE MCGRAW HILL HOMELAND SECURITY SERIES PDF EBOOK EPUB MOBI

Stakeholder feedback form

Building an Assurance Foundation for 21 st Century Information Systems and Networks

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

Cyber Security & Homeland Security:

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release September 23, 2014 EXECUTIVE ORDER

Cybersecurity for ALL

Navigation and Vessel Inspection Circular (NVIC) 05-17; Guidelines for Addressing

Long-Term Power Outage Response and Recovery Tabletop Exercise

A Controls Factory Approach To Building a Cyber Security Program Based on the NIST Cybersecurity Framework (NCSF)

Transcription:

Cybersecurity Risk Management: Building a Culture of Responsibility G7 ICT and Industry Multistakeholder Conference September 25 2017 Adam Sedgewick asedgewick@doc.gov

Cybersecurity in the Department of Commerce Trust can t be imposed on a marketplace. To create the conditions for economic growth and opportunity. As part of the Administration s economic team, the Secretary of Commerce serves as the voice of U.S. business within the President s Cabinet. There is no single solution for addressing security concerns in cyberspace. Every Bureau Plays a Role 2

National Institute of Standards and Technology (NIST) About NIST NIST s mission is to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life. 3,000 employees 2,700 guest researchers 1,300 field staff in partner organizations Two main locations: Gaithersburg, MD and Boulder, CO NIST Priority Research Areas Advanced Manufacturing IT and Cybersecurity Healthcare Forensic Science Disaster Resilience Cyber-physical Systems Advanced Communications

Cybersecurity and the Digital Economy To ensure that the internet remains valuable for future generations, it is the policy of the executive branch to promote an open, interoperable, reliable, and secure internet that fosters efficiency, innovation, communication, and economic prosperity, while respecting privacy and guarding against disruption, fraud, and theft. Executive Order 13800 11 May 2017 4

Approach to Organizational Risk Management: The Cybersecurity Framework Developed for CI, now used by organizations of any size, in any sector. That already or don t yet have a mature cyber risk management and cybersecurity program With a mission of helping keep up-to-date on managing risk and facing business threats 5

Key Properties of Cyber Risk Management Integrated Risk Management Program Risk Management Process External Participation 6

Example Approach in the CSF: Implementation Tiers Risk Management Process Integrated Risk Management Program External Participation 1 2 3 4 Partial Risk Informed Repeatable Adaptive The functionality and repeatability of cybersecurity risk management The extent to which cybersecurity is considered in broader risk management decisions The degree to which the organization benefits my sharing or receiving information from outside parties 7 7

Key Attributes of the Approach It s voluntary Is meant to be customized. It s a framework, not a prescriptive standard Provides a common language and systematic methodology for managing cyber risk. Does not tell an organization how much cyber risk is tolerable, nor provide the one and only formula for cybersecurity. Enable best practices to become standard practices via common lexicon to enable action across diverse stakeholders. It s a living document Can be updated as stakeholders learn from implementation Can be updated as technology and threats changes. 8

International Uses of the CSF Used by over 30% of U.S. organizations, trending to 50% (per Gartner) Includes many Multinational Corporations Used by international governments and orgs: Japanese translation by IPA Italian adaptation within Italy s National Framework for Cybersecurity Hebrew adaptation by Government of Israel ISO/IEC Study Periods and Technical Reports Proposed Draft Technical Report ISO 27103 9

Continued Projects to Support CSF Use Technical Privacy Standards Authenication Supply Chain Risk Managment Automated Indicator Sharing International Aspects, Impacts, and Alignment Cybersecurity Framework Conformity Assessment Federal Agency Cybersecurity Alignment Cybersecurity Workforce Data Analytics 10

Expanding Resources www.nist.gov/cyberframework/industry-resources Manufacturing Profile NIST Discrete Manufacturing Cybersecurity Framework Profile Self-Assessment Criteria Baldrige Cybersecurity Excellence Builder Maritime Profile U.S. Coast Guard Bulk Liquid Transport Profile 11

National Initiative for Cybersecurity Education EO 13800: the United States seeks to support the growth and sustainment of a workforce that is skilled in cybersecurity and related fields as the foundation for achieving our objectives in cyberspace Strategic Goals: Accelerate Learning and Skills Development Nurture a Diverse Learning Community Guide Career Development and Workforce Planning 12

U.S. Strategic Engagement in International Cybersecurity Standards To ensure cybersecurity and resiliency of U.S. information and communications systems and supporting infrastructures, we must develop and use robust cybersecurity standards and assessment schemes. Four key (and interrelated) objectives for standards and assessment: Enhancing national and economic security and public safety Ensuring standards and assessment tools are technically sound Facilitating international trade Promoting innovation and competitiveness Standards developing bodies that develop standards through open, transparent, impartial, and consensus-based processes and are globally relevant are strongly preferred. 13

Resources Where to Learn More and Stay Current The National Institute of Standards and Technology Web site is available at http://www.nist.gov NIST Computer Security Division Computer Security Resource Center is available at http://csrc.nist.gov/ The Framework for Improving Critical Infrastructure Cybersecurity and related news and information are available at www.nist.gov/cyberframework For additional Framework info and help cyberframework@nist.gov

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback