NIST CSF & SYMANTEC CLOUD
1. NIST CSF & Symantec Cloud Solutions Michael Reeves, CISSP | Cloud Architect
2. Agenda
1 • What is NIST CSF?
2 • NIST CSF Structure & Processes
3 • NIST CSF & Symantec Cloud Solutions
3. What is NIST CSF?
4. What is NIST CSF? The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is a set of industry standards and best practices to help organizations manage cybersecurity risks. On February 12th, 2013, Barack Obama signed an executive order to improve critical infrastructure cybersecurity. This established that “it is the Policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties.”
5. What is NIST CSF? The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is a set of industry standards and best practices to help organizations manage cybersecurity risks.
• Usage is voluntary, although incentives may emerge.
• Common, flexible, and adaptable structure that can be used by all organizations.
• Creation of NIST CSF was a collaborative process between the government and the private sector.
• Symantec played a key role throughout the development of the framework.
6. “By 2020, more than 50 percent of organizations will use the NIST Cybersecurity Framework…” https://www.gartner.com/webinar/3163821
7. Why are your customers using NIST CSF?
• DESCRIBE: Current state; Target state
• IDENTIFY: Priorities; Processes
• ASSESS: Progress towards target state
• COMMUNICATE: Internally and externally
8. Making NIST CSF Work For You?
• Knowledge of the CSF, and of how solutions support the Framework, will allow you to probe for “pain points” and solve broader problems for your customer.
• Our customers purchase security products to satisfy a “control” associated with a regulation, law, policy or industry standard.
• NIST CSF will help you understand your customers’ larger security concerns and move past providing a “point product” to solve a small part of a larger issue.
• The result? Larger orders, and better relationships with your customers.
9. NIST CSF Structure & Processes
10. Framework Components
• Framework Core: Set of activities, desired outcomes, and applicable references common across critical infrastructure sectors
• Framework Profile: Alignment of standards, guidelines, and practices to the Framework Core in a particular implementation scenario
• Framework Implementation Tiers: Provides context on how an organization views cybersecurity risk and the processes in place to manage that risk
11. Framework Core
• Functions (Identify, Protect, Detect, Respond, Recover): High-level cybersecurity goals
• Categories: Subdivision of Functions into groups of cybersecurity outcomes
• Subcategories: Further subdivide Categories into specific outcomes
• Informative References: Existing controls used to implement Subcategory outcomes
12. Functions
• ID Identify: What assets need protection?
• PR Protect: What safeguards are available?
• DE Detect: What techniques can identify incidents?
• RS Respond: What techniques can contain impacts of incidents?
• RC Recover: What techniques can restore capabilities?
13. Categories
• ID Identify: Asset Management (ID.AM); Business Environment (ID.BE); Governance (ID.GV); Risk Assessment (ID.RA); Risk Management Strategy (ID.RM)
• PR Protect: Access Control (PR.AC); Awareness & Training (PR.AT); Data Security (PR.DS); Information Protection Processes & Procedures (PR.IP); Maintenance (PR.MA); Protective Technology (PR.PT)
• DE Detect: Anomalies & Events (DE.AE); Security Continuous Monitoring (DE.CM); Detection Processes (DE.DP)
• RS Respond: Response Planning (RS.RP); Communications (RS.CO); Analysis (RS.AN); Mitigation (RS.MI); Improvements (RS.IM)
• RC Recover: Recovery Planning (RC.RP); Improvements (RC.IM); Communications (RC.CO)
14. Subcategories
Function: Identify (ID)
Category: Asset Management (ID.AM)
Subcategories:
• ID.AM-1: Physical devices and systems within the organization are inventoried
• ID.AM-2: Software platforms and applications within the organization are inventoried
• ID.AM-3: Organizational communication and data flows are mapped
• ID.AM-4: External information systems are catalogued
• ID.AM-5: Resources (hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value
• ID.AM-6: Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (suppliers, customers, partners) are established
15. Informative References
Function: Identify (ID)
Category: Asset Management (ID.AM)
Subcategory: Physical device inventories (ID.AM-1)
Informative References:
• CCS CSC 1
• COBIT 5 BAI09.01, BAI09.02
• ISA 62443-2-1:2009 18.104.22.168
• ISA 62443-3-3:2013 SR 7.8
• ISO/IEC 27001:2013 A.8.1.1, A.8.1.2
• NIST SP 800-53 Rev. 4 CM-8
16. Framework Tiers
• Tier 1 Partial: The organization has not yet implemented a formal, threat-aware risk management process to determine a prioritized list of cybersecurity activities
• Tier 2 Risk Informed: The organization uses a formal, threat-aware risk management process to develop a Profile of the Framework
• Tier 3 Repeatable: The organization updates its Profile based on regular application of its risk management process to respond to a changing cybersecurity landscape
• Tier 4 Adaptive: The organization updates its Profile based on predictive indicators derived from previous & anticipated cybersecurity activities
Tier Selection Process
• CONSIDER organization’s current risk management practices, threat environment, legal and regulatory requirements, business/mission objectives, and organizational constraints
• DETERMINE desired Tier based on meeting goals, feasibility to implement and reduction of risk to acceptable levels
• LEVERAGE external guidance to help with Tier selection
17. Framework Cycle
• Step 1: Prioritize and Scope. Identify business/mission objectives and high-level organizational priorities
• Step 2: Orient. Identify related systems, regulatory requirements, and overall risk approach
• Step 3: Create a Current Profile. Identify which category and subcategory outcomes from framework core will be achieved
• Step 4: Conduct a Risk Assessment. Incorporate emerging risks and threat/vulnerability data to determine likelihood and impact of cybersecurity event
• Step 5: Create a Target Profile. Create a target profile describing the organization’s desired cybersecurity outcome
• Step 6: Determine, Analyze, and Prioritize Gaps. Compare the current profile and target profile to determine gaps
• Step 7: Implement Action Plan. Organization determines which standards, guidelines and practices work best for their environment
18. NIST CSF & Symantec Cloud Solutions
19. Leveraging the Framework
Key Capabilities (SYMC Solutions)
• Identify: IT & Information asset inventory; Policy & Procedures; Risk Management
• Protect: Identities & Credentials; Strong Authentication; Access Policy & Segmentation; Data Security (In Transit & At Rest); Baseline Configuration/Integrity
• Detect: Threats and Errors; Malicious code; Unauthorized assets & personnel; External service providers
• Respond: Investigations; Forensics; Incidents categorized; Incident containment
• Recover: Recovery plans enacted upon event; Communications
20. Areas of Alignment Identify Protect Detect Respond Recover Symantec Cloud Solutions SYMC Solutions • CASB • Business Critical • CASB Services • Cloud Workload • Cloud Workload • CASB • Business Critical • Business Critical Protection Assurance • Cloud Workload Services Services (Compute/Storage) • Cloud Workload Protection • Cloud Workload • Incident Response • Email Protection (Compute/Storage) Protection Security.Cloud (Compute/Storage) • Email (Compute/Storage) • Secure Access • Secure Access Cloud Security.Cloud • Email Security.Cloud Cloud (Luminate) (Luminate) • Secure Access • Incident Response • SEP • SEP Cloud (Luminate) • SEP • SEP Cloud • SEP Cloud • SEP • SEP Cloud • SEP Mobile • SEP Mobile • SEP Cloud • SEP Mobile • VIP • VIP • SEP Mobile • Web Security Service • Web Security • Web Security Service • Web Security Service Service
21.For More Information… Brian Rauls Symantec Licensing Team Sr. Architect/Symantec Knight 1-800-456-8000 ext. 66429 Symantec-Licensing@ingrammicro.com Brian.Rauls@ingrammicro.com 1-800-456-8000 ext. 76121 Daniel Williams Market Development Executive Ingram Micro Cloud Security Team 716-908-0749 1-800-456-8000 ext. 66016 email@example.com Daniel.Williams@ingrammicro.com 1-800-705-7057 option 2 Shawna Gentner Market Development Specialist 1-800-456-8000, ext. 67453 Shawna.Gentner@ingrammicro.com
22. Thank You Michael Reeves, CISSP Cloud Architect firstname.lastname@example.org @michaelreevesaz