NIST Cyber Framework Resources

Here are the references and other resources for the Q+E webinars for the IT Metrics and Productivity Institute (ITMPI):

• “The # 1 Global Threat: Cyber“ July 16, 2013

The global threat environment is changing. This environment is demanding re-evaluations of the way we do business, expanding our analytical envelope, and altering the vocabulary of intelligence. Cyber threats are more diverse, interconnected, and viral than at any time in history. Attacks, which might involve cyber and financial weapons, can be deniable and un-attributable, In this webinar, Dr. Carolyn Turbyfill will present an overview of global cyber challenges, threats and then discuss enterprise risk management (ERM) solutions in terms of cyber standards development, new cyber management systems/taxonomies, and cyber risk management/assurance/control methodologies.

Download PDF of the Number One Global Threat Cyber presentation here.

NEW!  “Threat Modeling: Designing for Security“ by Adam Shostack is an excellent compendium of Threat Analysis techniques that can be used by Generalists, Security Specialists, Operations, Architects and Developers.  The Introduction maps sections of the book appropriate to different roles.

• “Cyber Security Across Critical Infrastructure Protection Sectors (CIPS)“ February 6, 2014

This webinar provided an overview of the most current Cybersecurity requirements and standards for Critical Infrastructure Protection.

View webinar preview: http://www.youtube.com/watch?v=8bi_GPh8lN4

Access recorded webinar (fee):
http://www.itmpi.org/ProductDetail/tabid/731/rvdsfpid/cybersecurity-across-critical-infrastructure-protection-sectors-cips-519/rvdsfcatid/feb-2014-324/Default.aspx

Download PDF of the NIST Cybersecurity Framework presentation here.
Download Framework worksheet in PDF or MS Word.

NIST Framework References

• NEW! IT Application Development Guidelines  NIST 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems
• NIST outlines draft Cybersecurity framework for industry
  http://www.nist.gov/itl/csd/Cybersecurity-070213.cfm
• NIST Cybersecurity Framework portal
  http://www.nist.gov/cyberframework
• Preliminary Framework Compendium (list of 321 cyber rules, standards and best practices)
  http://www.nist.gov/itl/upload/preliminary_framework_compendium.xlsx
• Preliminary Cybersecurity Framework
  http://www.nist.gov/itl/upload/preliminary-Cybersecurity-framework.pdf
• Cybersecurity Framework v1 (2014)
  http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
• Appendix A, Framework Core
  presents a listing of Functions, Categories, Subcategories and Informative References
  http://www.nist.gov/itl/upload/alternative-view_appendix-a_framework-core-informative-references.pdf

Standards and CIP References

• NEW!  Security and Privacy Controls for Federal Information Systems and Organizations  NIST Special Publication 800-53 Revision 4-Summary
• Director of National Intelligence, James Clapper, Testimony                                  DNI-worldwide-threat-assessment-of-US-intel-community
• CNSSI Number 4009, National Information Assurance (IA) Glossary 4/26/2010  http://DOD-General CNSSI_4009_26APR2010_20593/
• CMMI Audits of Services  http://www.sei.cmu.edu/library/abstracts/presentations/CMMI-for-Services-Overview.cfm
• Executive Orders 2013
  http://www.archives.gov/federal-register/executive-orders/2013.html
• National Institute of Standards and Technology (NIST)
  http://www.nist.gov/index.html
• NIST Computer Security Special Publications (800 Series)
  http://csrc.nist.gov/publications/PubsSPs.html
• ISO 31000 Risk Management Standards
  http://www.iso.org/iso/home/standards/iso31000.
• The Biggest Security SNAFUs of 2013 (So Far)
  http://www.networkworld.com/news/2013/security-snafus.html
• “Tipping Point” by Malcolm Gladwell: http://www.gladwell.com/the-tipping-point/
• CERM Academy: insights.cermacademy.com