Cybersecurity framework v1-1_presentation
Download as PPTX, PDF0 likes244 views
The document summarizes the Cybersecurity Framework, which provides a common language to manage cybersecurity risk across complex operations and sectors. It has three main components: the Core, which defines desired outcomes; Profiles, which align requirements to the Core; and Implementation Tiers, which assess risk management practices. The Framework is adaptable, risk-based, and based on international standards. Version 1.1 enhances guidance for supply chains and self-assessment. Various organizations have found success applying the Framework.
1 of 12
Download to read offline
Ad
Recommended
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Radar Cyber Security The document discusses the results of an expert survey about future cyber attacks and IT security challenges in 2025. Experts predict that (1) attacks on the Internet of Things will increase, (2) next generation malware will be more sophisticated and precise, and (3) social engineering attacks targeting users will rise. To combat these threats, IT security needs to offer advanced artificial intelligence for quick response and automated detection of targeted attacks, as well as new authentication methods. Experts say the biggest challenges are users' lack of security awareness, exploding data volumes, lack of coordination against cybercrime, and fast technological changes like the IoT. Companies must increase security training and continuously improve automated data analysis and secure cloud solutions to ensure IT security
The Internet of Things (IoT) and cybersecurity: A secure-by-design approach
The Internet of Things (IoT) and cybersecurity: A secure-by-design approachDeloitte United States Cyberattacks, data breaches and overall business disruption, caused by unsecured IoT devices in the workplace and used by third parties, are increasing. This is because companies don’t know the depth and breadth of the risk exposures they face when leveraging IoT devices and other emerging technologies. The results of a poll by Deloitte and Dragos shed light on how ready organizations are for securing connected devices.
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesWAJAHAT IQBAL This presentation is an attempt to present the complex Subject of Cybersecurity in a concise format with main focus to present the core of Cybersecurity and best practises and standards to protect an enterprise Network.Comments of readers welcomed.Thank You (Wajahat Iqbal)
Email: [email protected]
Application Security
Application Securityflorinc The document summarizes application security best practices. It discusses who is responsible for application security and design considerations like authentication, authorization, privacy and data integrity. It then covers security principles like designing for security by default and in deployment. Top application vulnerabilities like SQL injection, cross-site scripting and access control issues are explained along with remedies. Finally, it provides checklists for designers, developers and testers to follow for application security.
NIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai The NIST Cybersecurity Framework acts as a bridge between the management and Cybersecurity ecosystem.
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka! ** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Multifactor Authentication
Multifactor AuthenticationRonnie Isherwood In this session Ronnie and Kevin will provide a brief history of authentication, discuss today’s authentication risks and
challenges then look at how modern multi-factor authentication services can help keep businesses and access to
their data secure and compliant. The talk covers cloud services, on premise servers, RADIUS and mobile devices. It
will also explores what’s next with Windows 10 Hello and Passport technologies before wrapping up with a Q&A.
Data Security Explained
Data Security ExplainedHappiest Minds Technologies The presentation explains about Data Security as an industrial concept. It addresses
its concern on Data Loss Prevention in detail, from what it is, its approach, the best practices and
common mistakes people make for the same. The presentation concludes with highlighting
Happiest Minds' expertise in the domain.
Learn more about Happiest Minds Data Security Service Offerings
http://www.happiestminds.com/IT-security-services/data-security-services/
IBM Qradar
IBM QradarCoenraad Smith This document discusses how IBM's QRadar security intelligence platform can enable service providers to extend security capabilities to customers through multi-tenancy and software-as-a-service (SaaS) delivery models. It describes QRadar's multi-tenant capabilities that allow a single deployment to securely support multiple customer domains. It also introduces the QRadar Master Console, which provides centralized monitoring and management across multiple QRadar systems. Finally, it discusses how service providers can deploy QRadar in the cloud through IBM Security Intelligence on Cloud to minimize costs and offer an operating expense model.
cloud security ppt 
cloud security ppt Devyani Vaidya This document discusses cloud security and provides an overview of McAfee's cloud security program. It begins with definitions of cloud computing and cloud security. It then analyzes the growth of the global cloud security market from 2012-2014. Next, it discusses McAfee's cloud security offerings, strengths, weaknesses, opportunities, threats and competitors in the cloud security space. It also provides details on some of McAfee's major customers. Finally, it discusses Netflix's move to the cloud and its cloud security strategy.
SIEM presentation final
SIEM presentation finalRizwan S This document provides an overview of security information and event management (SIEM). It discusses how SIEM systems aggregate log data from various network devices and security tools to enable log management, event correlation, incident investigation and compliance reporting. It describes common SIEM components like log sources, event processors, and management consoles. It also covers log transmission methods, common ports used, and features of SIEM tools like QRadar including rule-based alerting, custom reports, and the Ariel Query Language for log searches.
All About Cybersecurity Frameworks.pptx
All About Cybersecurity Frameworks.pptxMetaorange Cybersecurity frameworks provide guidelines and best practices for managing an organization's IT security architecture. Frameworks can be generalized or customized. They provide a systematic approach to identifying, assessing, and managing cybersecurity risks through continuous monitoring and improvement. Custom frameworks better address an organization's unique risk profile, business objectives, technologies, and challenges. They are designed by assessing security needs, identifying critical assets, determining the risk profile, and developing risk management protocols.
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityJyothishmathi Institute of Technology and Science Karimnagar Transport-level Security: Web security considerations, Secure Socket Layer and Transport Layer Security, HTTPS, Secure Shell (SSH) Wireless Network Security: Wireless Security, Mobile Device Security, IEEE 802.11 Wireless LAN, IEEE 802.11i Wireless LAN Security
Computer Security Lecture 1: Overview
Computer Security Lecture 1: OverviewMohamed Loey https://mloey.github.io/courses/security2017.html
We will discuss the following: Cryptography, Computer Security, OSI Security Architecture, Security Structure Scheme, Key Properties, Symmetric Encryption, Asymmetric Encryption, finally Our Book
Network Security
Network SecurityManoj Singh Network security is important to protect vital information while allowing authorized access. Key aspects of network security include identifying vulnerabilities, threats like hackers and methods of attack, and implementing appropriate countermeasures. Common attacks include password attacks, viruses, and packet sniffing. Effective countermeasures include firewalls to control access, intrusion detection systems to monitor for exploits, IPsec and encryption to secure communications, and user education to address social engineering vulnerabilities. Comprehensive security requires backups, encryption, virus protection, firewalls, monitoring, training, and testing defenses.
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv Cortex secures the future by reinventing security operations through its unique approach. Cortex breaks down data and product silos by gaining enterprise-scale visibility across network, endpoint, and cloud data using its Cortex XDR platform. Cortex XDR improves prevention, detection, and response capabilities. Demisto automates security processes and orchestrates responses through playbooks with its many product integrations.
Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1Mukesh Chinta The document discusses cybersecurity, including the different types of cyber criminals and cybersecurity specialists. It describes common cybersecurity threats like hacking, malware, and data breaches that can affect individuals, businesses, and organizations. The document also examines factors that contribute to the spread of cybercrime, such as software vulnerabilities, mobile devices, and the growth of internet-connected devices and large datasets. It outlines efforts to increase the cybersecurity workforce through frameworks, certifications, and professional development opportunities for cybersecurity experts.
Application security
Application securityHagar Alaa el-din The document provides definitions and concepts related to application security including assets, threats, vulnerabilities, attacks, and security controls. It discusses how application security aims to secure the confidentiality, integrity, and availability of data by protecting against vulnerabilities like SQL injection and cross-site scripting. The document demonstrates how attackers can exploit vulnerabilities in multiple phases, from information gathering to maintaining access. It recommends best practices for developers like following security standards, conducting audits, implementing logging, and keeping software updated. Finally, it discusses Facebook's response to the Cambridge Analytica data privacy scandal.
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies The document discusses various cybersecurity attack vectors and how organizations can protect themselves. It outlines common attack methods like ransomware, malicious code delivery, social engineering, and phishing. It then recommends that organizations conduct regular security audits, establish governance policies, create an incident response plan, and provide cybersecurity education to employees. The document promotes cybersecurity services from Future Point of View including vulnerability testing, forensics, and training to help organizations enhance their protections.
Introduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas This document discusses the evolution of cyber security and its growing importance. It covers how cyber security now impacts individuals, businesses, and geopolitics. The document also defines key cyber security terms and concepts, examines perspectives like threat management and information assurance, and argues that cyber security must take an integrated, holistic approach going forward. It concludes by noting that with modern society's growing digital interconnectedness, not taking a comprehensive view of cyber security may be the biggest risk.
Cloud security
Cloud securityBikashPokharel3 Slide on Cloud Security. This defines the possible aspects on Cloud Security. Images are taken from different Websites which are mentioned on references section.
Cyber Security
Cyber SecurityRamiro Cid Cyber Security introduction. Cyber security definition. Vulnerabilities. Social engineering and human error. Financial cost of security breaches. Computer protection. The cyber security job market
Network security 
Network security Madhumithah Ilango Network security involves protecting computer networks from unauthorized access. It aims to achieve access control, confidentiality, authentication, integrity, and non-repudiation. Throughout history, as hacking and crimes emerged in the 1980s and the Internet became public in the 1990s, security concerns increased tremendously. Network security employs multiple layers including physical security, perimeter protection, user training, encryption, and firewalls among other hardware and software components. As threats continue to evolve, the field of network security must also evolve rapidly to protect information and system resources.
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez the IBM Security Intelligence Platform, also known as QRadar®, integrates SIEM, log management, anomaly detection, vulnerability management, risk management and incident forensics into a unified, highly scalable, real-time solution that provides superior threat detection, greater ease of use, and low total cost of ownership compared with competitive products
Network security
Network securityEstiak Khan Network security involves implementing physical and software measures to protect a network from unauthorized access and enable authorized access. It aims to maintain confidentiality of data, integrity of data, availability of resources, and privacy of personal data. Key aspects of network security include encryption to scramble data, firewalls to control access to networks, and securing wireless networks through standards like WPA2. Common security processes also involve backing up data regularly, using access controls like passwords, and encrypting data during storage and transmission.
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)hardik soni CloudAccess SIEM provides security information and event management capabilities through a single integrated platform. It combines security information management, security event management, and log management functions. Some key features include intrusion detection, 24/7 monitoring, forensic analysis, vulnerability reporting, and anomalous activity alerts. CloudAccess SIEM can be deployed as software, an appliance, or a managed service. It provides real-time analysis of security alerts from network devices and applications.
Network Security Fundamentals
Network Security FundamentalsRahmat Suhatman How To Learn The Network Security
Slide berikut merupakan slide yang berisikan dasar-dasar bagi kita dalam memahami konsep keamanan jaringan komputer, baik dari sisi inftrastruktur, teknologi dan paradigma bagi pengguna.
Materi yang diberikan sudah disusun oleh Pakar yang merupakan Trainer CEH dan memang berkompeten dibidang keamanan jaringan.
Slide ini saya dapatkan dari beliau saat mengikut training Certified Computer Security Officer (CCSO) dan Certified Computer Security Analyst (CCSA) dari beliau.
Semoga bermanfaat sebagai acuan bagi kita untuk belajar tentang keamanan jaringan komputer.
Terimakasih
Extended Detection and Response (XDR)
An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR)
An Overhyped Product Category With Ulti...Raffael Marty Extended Detection and Response, or XDR for short, is one of the acronyms that are increasingly used by cybersecurity vendors to explain their approach to solving the cyber security problem. We have been spending trillions of dollars on approaches to secure our systems and data, with what success? Cybersecurity is still one of the biggest and most challenging areas that companies, small and large, are dealing with. XDR is another approach driven by security vendors to solve this problem. The challenge is that every vendor defines XDR slightly differently and makes it fit their own “challenge du jour” for marketing and selling their products.
In this presentation we will demystify the XDR acronym and put a working model behind it. Together, we will explore why XDR is a fabulous concept, but also discover that it’s nothing revolutionarily new. With an MSP lens, we will explore what the XDR benefits are for small and medium businesses and what it means to the security strategy of both MSPs and their clients. The audience will leave with a clear understanding of what XDR is, how the technology matters to them, and how XDR will ultimately help them secure their customers and enable trusted commerce.
framework-version-1.1-overview-20180427-for-web-002.pptx
framework-version-1.1-overview-20180427-for-web-002.pptxAshishRanjan546644 The document discusses version 1.1 of the Framework for Improving Critical Infrastructure Cybersecurity published by NIST in April 2018. It provides an overview of key additions and changes in version 1.1, including a new supply chain risk management category and subcategories, as well as clarified language for some existing subcategories. It also outlines NIST's role in developing cybersecurity standards and describes how organizations can use the Framework to manage cybersecurity risks by customizing profiles and conducting gap analyses.
framework_update_report-yer20170301.pptx
framework_update_report-yer20170301.pptxMuhammadAbdullah311866 This document proposes updates to version 1.0 of the Framework for Improving Critical Infrastructure Cybersecurity. The updates are based on feedback from cybersecurity experts and aim to clarify, refine and enhance the framework while maintaining backwards compatibility. Key proposed changes include strengthening identity management and supply chain risk management in the core framework, providing guidance on metrics and measurement, and clarifying implementation tiers and profiles. Public feedback on draft version 1.1 is requested by April 10, 2017.
Ad
More Related Content
What's hot (20)
IBM Qradar
IBM QradarCoenraad Smith This document discusses how IBM's QRadar security intelligence platform can enable service providers to extend security capabilities to customers through multi-tenancy and software-as-a-service (SaaS) delivery models. It describes QRadar's multi-tenant capabilities that allow a single deployment to securely support multiple customer domains. It also introduces the QRadar Master Console, which provides centralized monitoring and management across multiple QRadar systems. Finally, it discusses how service providers can deploy QRadar in the cloud through IBM Security Intelligence on Cloud to minimize costs and offer an operating expense model.
cloud security ppt
cloud security ppt Devyani Vaidya This document discusses cloud security and provides an overview of McAfee's cloud security program. It begins with definitions of cloud computing and cloud security. It then analyzes the growth of the global cloud security market from 2012-2014. Next, it discusses McAfee's cloud security offerings, strengths, weaknesses, opportunities, threats and competitors in the cloud security space. It also provides details on some of McAfee's major customers. Finally, it discusses Netflix's move to the cloud and its cloud security strategy.
SIEM presentation final
SIEM presentation finalRizwan S This document provides an overview of security information and event management (SIEM). It discusses how SIEM systems aggregate log data from various network devices and security tools to enable log management, event correlation, incident investigation and compliance reporting. It describes common SIEM components like log sources, event processors, and management consoles. It also covers log transmission methods, common ports used, and features of SIEM tools like QRadar including rule-based alerting, custom reports, and the Ariel Query Language for log searches.
All About Cybersecurity Frameworks.pptx
All About Cybersecurity Frameworks.pptxMetaorange Cybersecurity frameworks provide guidelines and best practices for managing an organization's IT security architecture. Frameworks can be generalized or customized. They provide a systematic approach to identifying, assessing, and managing cybersecurity risks through continuous monitoring and improvement. Custom frameworks better address an organization's unique risk profile, business objectives, technologies, and challenges. They are designed by assessing security needs, identifying critical assets, determining the risk profile, and developing risk management protocols.
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityJyothishmathi Institute of Technology and Science Karimnagar Transport-level Security: Web security considerations, Secure Socket Layer and Transport Layer Security, HTTPS, Secure Shell (SSH) Wireless Network Security: Wireless Security, Mobile Device Security, IEEE 802.11 Wireless LAN, IEEE 802.11i Wireless LAN Security
Computer Security Lecture 1: Overview
Computer Security Lecture 1: OverviewMohamed Loey https://mloey.github.io/courses/security2017.html
We will discuss the following: Cryptography, Computer Security, OSI Security Architecture, Security Structure Scheme, Key Properties, Symmetric Encryption, Asymmetric Encryption, finally Our Book
Network Security
Network SecurityManoj Singh Network security is important to protect vital information while allowing authorized access. Key aspects of network security include identifying vulnerabilities, threats like hackers and methods of attack, and implementing appropriate countermeasures. Common attacks include password attacks, viruses, and packet sniffing. Effective countermeasures include firewalls to control access, intrusion detection systems to monitor for exploits, IPsec and encryption to secure communications, and user education to address social engineering vulnerabilities. Comprehensive security requires backups, encryption, virus protection, firewalls, monitoring, training, and testing defenses.
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv Cortex secures the future by reinventing security operations through its unique approach. Cortex breaks down data and product silos by gaining enterprise-scale visibility across network, endpoint, and cloud data using its Cortex XDR platform. Cortex XDR improves prevention, detection, and response capabilities. Demisto automates security processes and orchestrates responses through playbooks with its many product integrations.
Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1Mukesh Chinta The document discusses cybersecurity, including the different types of cyber criminals and cybersecurity specialists. It describes common cybersecurity threats like hacking, malware, and data breaches that can affect individuals, businesses, and organizations. The document also examines factors that contribute to the spread of cybercrime, such as software vulnerabilities, mobile devices, and the growth of internet-connected devices and large datasets. It outlines efforts to increase the cybersecurity workforce through frameworks, certifications, and professional development opportunities for cybersecurity experts.
Application security
Application securityHagar Alaa el-din The document provides definitions and concepts related to application security including assets, threats, vulnerabilities, attacks, and security controls. It discusses how application security aims to secure the confidentiality, integrity, and availability of data by protecting against vulnerabilities like SQL injection and cross-site scripting. The document demonstrates how attackers can exploit vulnerabilities in multiple phases, from information gathering to maintaining access. It recommends best practices for developers like following security standards, conducting audits, implementing logging, and keeping software updated. Finally, it discusses Facebook's response to the Cambridge Analytica data privacy scandal.
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies The document discusses various cybersecurity attack vectors and how organizations can protect themselves. It outlines common attack methods like ransomware, malicious code delivery, social engineering, and phishing. It then recommends that organizations conduct regular security audits, establish governance policies, create an incident response plan, and provide cybersecurity education to employees. The document promotes cybersecurity services from Future Point of View including vulnerability testing, forensics, and training to help organizations enhance their protections.
Introduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas This document discusses the evolution of cyber security and its growing importance. It covers how cyber security now impacts individuals, businesses, and geopolitics. The document also defines key cyber security terms and concepts, examines perspectives like threat management and information assurance, and argues that cyber security must take an integrated, holistic approach going forward. It concludes by noting that with modern society's growing digital interconnectedness, not taking a comprehensive view of cyber security may be the biggest risk.
Cloud security
Cloud securityBikashPokharel3 Slide on Cloud Security. This defines the possible aspects on Cloud Security. Images are taken from different Websites which are mentioned on references section.
Cyber Security
Cyber SecurityRamiro Cid Cyber Security introduction. Cyber security definition. Vulnerabilities. Social engineering and human error. Financial cost of security breaches. Computer protection. The cyber security job market
Network security
Network security Madhumithah Ilango Network security involves protecting computer networks from unauthorized access. It aims to achieve access control, confidentiality, authentication, integrity, and non-repudiation. Throughout history, as hacking and crimes emerged in the 1980s and the Internet became public in the 1990s, security concerns increased tremendously. Network security employs multiple layers including physical security, perimeter protection, user training, encryption, and firewalls among other hardware and software components. As threats continue to evolve, the field of network security must also evolve rapidly to protect information and system resources.
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez the IBM Security Intelligence Platform, also known as QRadar®, integrates SIEM, log management, anomaly detection, vulnerability management, risk management and incident forensics into a unified, highly scalable, real-time solution that provides superior threat detection, greater ease of use, and low total cost of ownership compared with competitive products
Network security
Network securityEstiak Khan Network security involves implementing physical and software measures to protect a network from unauthorized access and enable authorized access. It aims to maintain confidentiality of data, integrity of data, availability of resources, and privacy of personal data. Key aspects of network security include encryption to scramble data, firewalls to control access to networks, and securing wireless networks through standards like WPA2. Common security processes also involve backing up data regularly, using access controls like passwords, and encrypting data during storage and transmission.
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)hardik soni CloudAccess SIEM provides security information and event management capabilities through a single integrated platform. It combines security information management, security event management, and log management functions. Some key features include intrusion detection, 24/7 monitoring, forensic analysis, vulnerability reporting, and anomalous activity alerts. CloudAccess SIEM can be deployed as software, an appliance, or a managed service. It provides real-time analysis of security alerts from network devices and applications.
Network Security Fundamentals
Network Security FundamentalsRahmat Suhatman How To Learn The Network Security
Slide berikut merupakan slide yang berisikan dasar-dasar bagi kita dalam memahami konsep keamanan jaringan komputer, baik dari sisi inftrastruktur, teknologi dan paradigma bagi pengguna.
Materi yang diberikan sudah disusun oleh Pakar yang merupakan Trainer CEH dan memang berkompeten dibidang keamanan jaringan.
Slide ini saya dapatkan dari beliau saat mengikut training Certified Computer Security Officer (CCSO) dan Certified Computer Security Analyst (CCSA) dari beliau.
Semoga bermanfaat sebagai acuan bagi kita untuk belajar tentang keamanan jaringan komputer.
Terimakasih
Extended Detection and Response (XDR)
An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR)
An Overhyped Product Category With Ulti...Raffael Marty Extended Detection and Response, or XDR for short, is one of the acronyms that are increasingly used by cybersecurity vendors to explain their approach to solving the cyber security problem. We have been spending trillions of dollars on approaches to secure our systems and data, with what success? Cybersecurity is still one of the biggest and most challenging areas that companies, small and large, are dealing with. XDR is another approach driven by security vendors to solve this problem. The challenge is that every vendor defines XDR slightly differently and makes it fit their own “challenge du jour” for marketing and selling their products.
In this presentation we will demystify the XDR acronym and put a working model behind it. Together, we will explore why XDR is a fabulous concept, but also discover that it’s nothing revolutionarily new. With an MSP lens, we will explore what the XDR benefits are for small and medium businesses and what it means to the security strategy of both MSPs and their clients. The audience will leave with a clear understanding of what XDR is, how the technology matters to them, and how XDR will ultimately help them secure their customers and enable trusted commerce.
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityJyothishmathi Institute of Technology and Science Karimnagar
Similar to Cybersecurity framework v1-1_presentation (20)
framework-version-1.1-overview-20180427-for-web-002.pptx
framework-version-1.1-overview-20180427-for-web-002.pptxAshishRanjan546644 The document discusses version 1.1 of the Framework for Improving Critical Infrastructure Cybersecurity published by NIST in April 2018. It provides an overview of key additions and changes in version 1.1, including a new supply chain risk management category and subcategories, as well as clarified language for some existing subcategories. It also outlines NIST's role in developing cybersecurity standards and describes how organizations can use the Framework to manage cybersecurity risks by customizing profiles and conducting gap analyses.
framework_update_report-yer20170301.pptx
framework_update_report-yer20170301.pptxMuhammadAbdullah311866 This document proposes updates to version 1.0 of the Framework for Improving Critical Infrastructure Cybersecurity. The updates are based on feedback from cybersecurity experts and aim to clarify, refine and enhance the framework while maintaining backwards compatibility. Key proposed changes include strengthening identity management and supply chain risk management in the core framework, providing guidance on metrics and measurement, and clarifying implementation tiers and profiles. Public feedback on draft version 1.1 is requested by April 10, 2017.
Framework for Improving Critical Infrastructure Cyber.docx
Framework for Improving Critical Infrastructure Cyber.docxbudbarber38650 Framework for Improving
Critical Infrastructure Cybersecurity
Version 1.1
National Institute of Standards and Technology
April 16, 2018
April 16, 2018 Cybersecurity Framework Version 1.1
This publication is available free of charge from: https://doi.org/10.6028/NIST.CSWP.04162018 ii
No t e t o Rea d er s o n t h e U p d a t e
Version 1.1 of this Cybersecurity Framework refines, clarifies, and enhances Version 1.0, which
was issued in February 2014. It incorporates comments received on the two drafts of Version 1.1.
Version 1.1 is intended to be implemented by first-time and current Framework users. Current
users should be able to implement Version 1.1 with minimal or no disruption; compatibility with
Version 1.0 has been an explicit objective.
The following table summarizes the changes made between Version 1.0 and Version 1.1.
Table NTR-1 - Summary of changes between Framework Version 1.0 and Version 1.1.
Update Description of Update
Clarified that terms like
“compliance” can be
confusing and mean
something very different
to various Framework
stakeholders
Added clarity that the Framework has utility as a structure and
language for organizing and expressing compliance with an
organization’s own cybersecurity requirements. However, the
variety of ways in which the Framework can be used by an
organization means that phrases like “compliance with the
Framework” can be confusing.
A new section on self-
assessment
Added Section 4.0 Self-Assessing Cybersecurity Risk with the
Framework to explain how the Framework can be used by
organizations to understand and assess their cybersecurity risk,
including the use of measurements.
Greatly expanded
explanation of using
Framework for Cyber
Supply Chain Risk
Management purposes
An expanded Section 3.3 Communicating Cybersecurity
Requirements with Stakeholders helps users better understand
Cyber Supply Chain Risk Management (SCRM), while a new
Section 3.4 Buying Decisions highlights use of the Framework
in understanding risk associated with commercial off-the-shelf
products and services. Additional Cyber SCRM criteria were
added to the Implementation Tiers. Finally, a Supply Chain Risk
Management Category, including multiple Subcategories, has
been added to the Framework Core.
Refinements to better
account for authentication,
authorization, and identity
proofing
The language of the Access Control Category has been refined
to better account for authentication, authorization, and identity
proofing. This included adding one Subcategory each for
Authentication and Identity Proofing. Also, the Category has
been renamed to Identity Management and Access Control
(PR.AC) to better represent the scope of the Category and
corresponding Subcategories.
Better explanation of the
relationship between
Implementation Tiers and
Profiles
Added language to Section 3.2 Establishing or.
Risk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection Powerpointrandalje86 Miguel Sanchez presented on risk based security and self protection technologies. He discussed how the threat landscape has changed and the need for a proactive, risk based approach. This involves a multi-tiered risk management process including framing risks at the organizational, mission, and system levels. Emerging technologies like runtime application self protection can help applications protect themselves by monitoring for threats during execution.
Framework for Improving Critical Infrastructure Cybersecurity - Nist.cswp.041...
Framework for Improving Critical Infrastructure Cybersecurity - Nist.cswp.041...AT-NET Services, Inc. - Charleston Division NIST document Framework for Improving Critical Infrastructure Cybersecurity a Planning Guide for Program Managers, CEO, CIO, CTO (all C-Level) executives to have implemented effective Cyber Security Policies.
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data that is entrusted to them. Every network is vulnerable to some form of attack. However it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice will be joined by Partner, Michael Hoffner and they will lead a discussion on a Cybersecurity Risk Management Program including what it is and how it can prepare your organization for the future.
Secure Software Development: Best practice and strategies.pdf
Secure Software Development: Best practice and strategies.pdfNexflare Dynamics In a world where cyber threats are constantly evolving, secure software development is not just an option—it’s a necessity. Building secure applications from the ground up ensures that sensitive data remains protected, systems remain resilient, and users can trust your software. This blog delves into the essentials of secure software development, highlighting its importance, best practices, and actionable strategies.
3 Reasons Why the Cloud is More Secure than Your Server
3 Reasons Why the Cloud is More Secure than Your ServerClio - Cloud-Based Legal Technology The days of VPN, desktop practice management software and ftp file sharing have given way to online applications like Google Apps, Dropbox and online practice management solutions. Fast, cost-effective, and easy-to-use, law firms of all sizes are moving to cloud-based systems to run their operations.
How secure is a cloud-based system though?
Learn about:
- Risks of servers and why securing data in the cloud is a better option
- Procedures every law firm can use to make cloud data storage highly effective
- How cloud applications can help firms meet strict statutory requirements
An integrated security testing framework and tool
An integrated security testing framework and toolMoutasm Tamimi The document presents an integrated security testing framework for the secure software development life cycle (SSDLC). The framework includes four main phases: 1) defining security guidelines based on enterprise security requirements for each SSDLC phase, 2) constructing security test cases based on the guidelines, 3) executing test cases by integrating various security testing tools, and 4) converging results from different tools using a meta-vulnerability data model. The framework aims to adopt security activities into each SSDLC phase to improve security, generate test cases, integrate testing tools, and provide accurate results. It was evaluated through prototype testing of 50 software projects.
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceTej Luthra The document provides an overview of secure DevOps practices including:
- Integrating security into the software development lifecycle from design through deployment.
- Using automation and continuous integration/delivery practices to continuously assess and remediate vulnerabilities.
- Implementing secure configurations for hardware and software and keeping systems updated with the latest patches.
- Performing security testing using tools that can identify vulnerabilities during the development process.
- Controlling administrative privileges and secrets management in an "infrastructure as code" environment.
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Ulf Mattsson Cyber attacks have increased in frequency and severity, and financial institutions are particularly interesting targets to cyber criminals. Join this presentation to learn the latest cybersecurity threats and challenges plaguing the financial industry,
Bio: Ulf is the Chief Technology Officer of Security Solutions at Atlantic BT, and earlier at Compliance Engineering. Ulf was the Chief Technology Officer and a founder of Protegrity, He invented the Protegrity Vaultless Tokenization, Data Type Preservation (DTP2) and created the initial architecture of Protegrity's database security technology. Prior to Protegrity, Ulf worked 20 years at IBM in software development and in IBM's Research organization, in the areas of IT Architecture and Security, and received a US Green Card of class ‘EB 11 – Individual of Extraordinary Ability’ after endorsement by IBM.
Ulf is the inventor of more than 45 patents in the areas of Encryption, Policy Driven Data Encryption, Internal Threat Protection, Data Usage Control and Intrusion Prevention. One line of his research during the last 15 years is in the area of managing and enforcing security policies for databases, including joint projects with research and development teams at IBM, Microsoft, Hewlett-Packard, Oracle, Sybase, Informix, Teradata, and RSA.
Ulf is a research member of IFIP and a member of ANSI X9. Leading journals and professions magazines, including IEEE Xplore, ISACA and IBM Journals, published more than 100 of his in-depth professional articles and papers. Ulf received Industry's 2008 Most Valuable Performers (MVP) award together with technology leaders from IBM, Cisco Systems, Ingres, Google and other leading companies. Ulf frequently gives presentations at leading security and database conferences in US, Europe and ASIA, and frequent tutorials at the Information Systems Security Association (ISSA) and Information Systems Audit and Control Association.
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak The document discusses the NIST Cybersecurity Framework, which provides guidelines for critical infrastructure security and management of cybersecurity risks. It was created through a collaboration between government and industry to help organizations manage and reduce cybersecurity risks. The framework consists of five concurrent and continuous functions - Identify, Protect, Detect, Respond, Recover. It also outlines implementation tiers from Partial to Adaptive to help organizations determine their cybersecurity risk management practices. The framework is meant to be flexible and not prescriptive in order to accommodate different sectors and risks profiles.
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA Information Security This document discusses security status reporting and outlines best practices for developing an effective security monitoring program. It recommends selecting critical business systems as the target environment and defining key performance indicators across areas like user access management, patching, and perimeter security. The document also provides guidance on setting baselines using standards, quantifying security status with CVSS scoring, understanding audience priorities, and building dashboards and reports that follow rules like only displaying relevant, meaningful data at an appropriate refresh rate for the intended audience. The overall aim is to facilitate effective decision making and reporting on security posture.
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Standards Customer Council The document summarizes key points from a presentation on cloud security standards. It discusses the benefits of standards in promoting interoperability and regulatory compliance. It analyzes the current landscape of standards, including specifications, advisory standards, and security frameworks. It also provides recommendations for 10 steps customers can take to evaluate a cloud provider's security, including ensuring governance and compliance, auditing processes, managing access controls, and assessing physical infrastructure security. The document recommends cloud security standards and certifications customers should expect providers to support.
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyCloud Standards Customer Council The document summarizes key points from a presentation on latest developments in cloud security standards and privacy. It discusses the benefits of standards, outlines some current security standards and frameworks, and provides recommendations for cloud customers to evaluate a cloud service provider's security capabilities. The presentation emphasizes that customers should ensure cloud providers support relevant security standards to ensure governance, risk management and regulatory compliance.
HITRUST CSF in the Cloud
HITRUST CSF in the CloudOnRamp Don’t be fooled by vague claims about data protection—especially in the cloud. HITRUST Common Security Framework (CFS) is the gold standard for data security and compliance. While security guidelines, like HIPAA, use phrases like “reasonable and appropriate” protection, HITRUST provides clear and actionable guidance for risk management. It’s the only certifiable framework that includes HIPAA, PCI, ISO, and NIST controls—here’s how you can benefit.
Takeaways & Learning Objectives
What is HITRUST CSF, and how does it differ from regulations like HIPAA?
How can your organization leverage HITRUST?
Best practices for secure cloud deployments
Join OnRamp’s VP of Product, Toby Owen, and OnRamp’s Head of Information Security, Nikola Todev in an educational and interactive session
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...Cohesive Networks The document discusses cybersecurity frameworks and introduces the NIST Cybersecurity Framework. It provides an overview of the framework, explaining that it was created to provide a common language for organizations to assess security capabilities, identify gaps, and measure progress across different standards. The framework establishes guidelines for profiling current security levels, setting targets, and developing action plans to close gaps. An example is provided of a company that used the framework to improve security and facilitate auditing and certification.
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxYoisRoberthTapiadeLa This document provides an overview of application security challenges and trends. It discusses how attacks have moved to target applications directly rather than just infrastructure. It also notes that security is often an afterthought for developers focused on speed and that maturity varies. Key trends include shifting security left in the development process, addressing open source risks, and leveraging tools like machine learning. Stakeholders have different priorities around protecting the organization versus meeting deadlines. Primary use cases involve finding and fixing vulnerabilities throughout the development lifecycle. The Fortify platform aims to provide application security that scales with development needs.
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxVictoriaChavesta This document provides an overview of application security and the Fortify portfolio. It discusses growing application security challenges such as attacks targeting the application layer. It also reviews key application security trends like shift left development and cloud transformation. The document outlines primary customer use cases and priorities around securing applications. Additionally, it summarizes the Fortify product offerings and how the portfolio addresses application security needs. Examples of Fortify customer success are also provided along with insights into the competitive application security market.
Cisco NGFW AMP
Cisco NGFW AMPCisco Canada The Cisco Firepower Management Center provides centralized management of Cisco network security solutions such as firewalls, intrusion prevention, and advanced malware protection. It collects extensive network intelligence, analyzes vulnerabilities, and provides policy recommendations. The Management Center offers unified policy management, superior threat intelligence, application visibility and control, and reporting/dashboards. It is available as a physical or virtual appliance and supports various Cisco security products.
Framework for Improving Critical Infrastructure Cybersecurity - Nist.cswp.041...
Framework for Improving Critical Infrastructure Cybersecurity - Nist.cswp.041...AT-NET Services, Inc. - Charleston Division
Ad
Recently uploaded (20)
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Aqusag Technologies In late April 2025, a significant portion of Europe, particularly Spain, Portugal, and parts of southern France, experienced widespread, rolling power outages that continue to affect millions of residents, businesses, and infrastructure systems.
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfAbi john Analyze the growth of meme coins from mere online jokes to potential assets in the digital economy. Explore the community, culture, and utility as they elevate themselves to a new era in cryptocurrency.
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...organizerofv IEDM 2024 Tutorial2
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AIartmondano By 2026, AI agents will consume 10x more enterprise data than humans, but with none of the contextual understanding that prevents catastrophic misinterpretations.
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxJon Hansen Procurement Insights integrated Historic Procurement Industry Archives, serves as a powerful complement — not a competitor — to other procurement industry firms. It fills critical gaps in depth, agility, and contextual insight that most traditional analyst and association models overlook.
Learn more about this value- driven proprietary service offering here.
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Ortus Solutions, Corp This is the keynote of the Into the Box conference, highlighting the release of the BoxLang JVM language, its key enhancements, and its vision for the future.
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...SOFTTECHHUB I started my online journey with several hosting services before stumbling upon Ai EngineHost. At first, the idea of paying one fee and getting lifetime access seemed too good to pass up. The platform is built on reliable US-based servers, ensuring your projects run at high speeds and remain safe. Let me take you step by step through its benefits and features as I explain why this hosting solution is a perfect fit for digital entrepreneurs.
How analogue intelligence complements AI
How analogue intelligence complements AIPaul Rowe
Artificial Intelligence is providing benefits in many areas of work within the heritage sector, from image analysis, to ideas generation, and new research tools. However, it is more critical than ever for people, with analogue intelligence, to ensure the integrity and ethical use of AI. Including real people can improve the use of AI by identifying potential biases, cross-checking results, refining workflows, and providing contextual relevance to AI-driven results.
News about the impact of AI often paints a rosy picture. In practice, there are many potential pitfalls. This presentation discusses these issues and looks at the role of analogue intelligence and analogue interfaces in providing the best results to our audiences. How do we deal with factually incorrect results? How do we get content generated that better reflects the diversity of our communities? What roles are there for physical, in-person experiences in the digital world?
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Impelsys Inc. Impelsys provided a robust testing solution, leveraging a risk-based and requirement-mapped approach to validate ICU Connect and CritiXpert. A well-defined test suite was developed to assess data communication, clinical data collection, transformation, and visualization across integrated devices.
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxJustin Reock Building 10x Organizations with Modern Productivity Metrics
10x developers may be a myth, but 10x organizations are very real, as proven by the influential study performed in the 1980s, ‘The Coding War Games.’
Right now, here in early 2025, we seem to be experiencing YAPP (Yet Another Productivity Philosophy), and that philosophy is converging on developer experience. It seems that with every new method we invent for the delivery of products, whether physical or virtual, we reinvent productivity philosophies to go alongside them.
But which of these approaches actually work? DORA? SPACE? DevEx? What should we invest in and create urgency behind today, so that we don’t find ourselves having the same discussion again in a decade?
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPathCommunity Join this UiPath Community Berlin meetup to explore the Orchestrator API, Swagger interface, and the Test Manager API. Learn how to leverage these tools to streamline automation, enhance testing, and integrate more efficiently with UiPath. Perfect for developers, testers, and automation enthusiasts!
📕 Agenda
Welcome & Introductions
Orchestrator API Overview
Exploring the Swagger Interface
Test Manager API Highlights
Streamlining Automation & Testing with APIs (Demo)
Q&A and Open Discussion
Perfect for developers, testers, and automation enthusiasts!
👉 Join our UiPath Community Berlin chapter: https://community.uipath.com/berlin/
This session streamed live on April 29, 2025, 18:00 CET.
Check out all our upcoming UiPath Community sessions at https://community.uipath.com/events/.
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsInData Labs In this infographic, we explore how businesses can implement effective governance frameworks to address AI data privacy. Understanding it is crucial for developing effective strategies that ensure compliance, safeguard customer trust, and leverage AI responsibly. Equip yourself with insights that can drive informed decision-making and position your organization for success in the future of data privacy.
This infographic contains:
-AI and data privacy: Key findings
-Statistics on AI data privacy in the today’s world
-Tips on how to overcome data privacy challenges
-Benefits of AI data security investments.
Keep up-to-date on how AI is reshaping privacy standards and what this entails for both individuals and organizations.
How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?Daniel Lehner 𝙄𝙨 𝘼𝙄 𝙟𝙪𝙨𝙩 𝙝𝙮𝙥𝙚? 𝙊𝙧 𝙞𝙨 𝙞𝙩 𝙩𝙝𝙚 𝙜𝙖𝙢𝙚 𝙘𝙝𝙖𝙣𝙜𝙚𝙧 𝙮𝙤𝙪𝙧 𝙗𝙪𝙨𝙞𝙣𝙚𝙨𝙨 𝙣𝙚𝙚𝙙𝙨?
Everyone’s talking about AI but is anyone really using it to create real value?
Most companies want to leverage AI. Few know 𝗵𝗼𝘄.
✅ What exactly should you ask to find real AI opportunities?
✅ Which AI techniques actually fit your business?
✅ Is your data even ready for AI?
If you’re not sure, you’re not alone. This is a condensed version of the slides I presented at a Linkedin webinar for Tecnovy on 28.04.2025.
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganArthur Morgan This is a Quick Research Guide (QRG).
QRGs include the following:
- A brief, high-level overview of the QRG topic.
- A milestone timeline for the QRG topic.
- Links to various free online resource materials to provide a deeper dive into the QRG topic.
- Conclusion and a recommendation for at least two books available in the SJPL system on the QRG topic.
QRGs planned for the series:
- Artificial Intelligence QRG
- Quantum Computing QRG
- Big Data Analytics QRG
- Spacecraft Guidance, Navigation & Control QRG (coming 2026)
- UK Home Computing & The Birth of ARM QRG (coming 2027)
Any questions or comments?
- Please contact Arthur Morgan at [email protected].
100% human made.
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Artificial intelligence is changing how businesses operate. Companies are using AI agents to automate tasks, reduce time spent on repetitive work, and focus more on high-value activities. Noah Loul, an AI strategist and entrepreneur, has helped dozens of companies streamline their operations using smart automation. He believes AI agents aren't just tools—they're workers that take on repeatable tasks so your human team can focus on what matters. If you want to reduce time waste and increase output, AI agents are the next move.
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Sparkcarlyakerly1 Spark is a powerhouse for large datasets, but when it comes to smaller data workloads, its overhead can sometimes slow things down. What if you could achieve high performance and efficiency without the need for Spark?
At S&P Global Commodity Insights, having a complete view of global energy and commodities markets enables customers to make data-driven decisions with confidence and create long-term, sustainable value. 🌍
Explore delta-rs + CDC and how these open-source innovations power lightweight, high-performance data applications beyond Spark! 🚀
Ad
Cybersecurity framework v1-1_presentation
- 1. The Cybersecurity Framework Version 1.1 October 2019
- 2. Cybersecurity Framework History • February 2013 - Executive Order 13636: Improving Critical Infrastructure Cybersecurity • December 2014 - Cybersecurity Enhancement Act of 2014 (P.L. 113-274) • May 2017 - Executive Order 13800: Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
- 3. The Cybersecurity Framework Three Primary Components Core Desired cybersecurity outcomes organized in a hierarchy and aligned to more detailed guidance and controls Profiles Alignment of an organization’s requirements and objectives, risk appetite and resources using the desired outcomes of the Framework Core Implementation Tiers A qualitative measure of organizational cybersecurity risk management practices
- 4. • Common and accessible language • Adaptable to many technologies, lifecycle phases, sectors and uses • Risk-based • Based on international standards • Living document • Guided by many perspectives – private sector, academia, public sector Key Framework Attributes Principles of Current and Future Versions of the Framework
- 5. The Framework Core Establishes a Common Language • Describes desired outcomes • Understandable by everyone • Applies to any type of risk management • Defines the entire breadth of cybersecurity • Spans both prevention and reaction Function Identify Protect Detect Respond Recover
- 6. An Excerpt from the Framework Core The Connected Path of Framework Outcomes 5 Functions 23 Categories 108 Subcategories 6 Informative References
- 7. Implementation Tiers The Cybersecurity Framework Version 1.1 1 2 3 4 Partial Risk Informed Repeatable Adaptive Risk Management Process The functionality and repeatability of cybersecurity risk management Integrated Risk Management Program The extent to which cybersecurity is considered in broader risk management decisions External Participation The degree to which the organization: • monitors and manages supply chain risk1.1 • benefits my sharing or receiving information from outside parties
- 8. Framework Update The Cybersecurity Framework Version 1.1 • Applicability for all system lifecycle phases • Enhanced guidance for managing cybersecurity within supply chains and for buying decisions • New guidance for self-assessment • Better accounts for Authorization, Authentication, and Identity Proofing • Incorporates emerging vulnerability information (a.k.a., Coordinated Vulnerability Disclosure) • Administratively updates the Informative References
- 9. International Use Translations, Adaptations, and Other References World-Wide
- 10. Sample Resources www.nist.gov/cyberframework/framework-resources Financial Services Profile Financial Services Sector Specific Cybersecurity “Profile” Manufacturing Profile NIST Discrete Manufacturing Cybersecurity Framework Profile Maritime Profile Bulk Liquid Transport Profile
- 11. Success Stories https://www.nist.gov/cyberframework/success-stories University of Chicago Biological Sciences Division Japan’s Cross-Sector Forum ISACA University of Pittsburgh University of Kansas Medical Center Multi-State Information Sharing & Analysis Center