NIST Cyber Framework Resources
Here are the references and other resources for the Q+E webinars for the IT Metrics and Productivity Institute (ITMPI):
- “The # 1 Global Threat: Cyber“ July 16, 2013
The global threat environment is changing. This environment is demanding re-evaluations of the way we do business, expanding our analytical envelope, and altering the vocabulary of intelligence. Cyber threats are more diverse, interconnected, and viral than at any time in history. Attacks, which might involve cyber and financial weapons, can be deniable and un-attributable, In this webinar, Dr. Carolyn Turbyfill will present an overview of global cyber challenges, threats and then discuss enterprise risk management (ERM) solutions in terms of cyber standards development, new cyber management systems/taxonomies, and cyber risk management/assurance/control methodologies.
Download PDF of the Number One Global Threat Cyber presentation here.
NEW! “Threat Modeling: Designing for Security“ by Adam Shostack is an excellent compendium of Threat Analysis techniques that can be used by Generalists, Security Specialists, Operations, Architects and Developers. The Introduction maps sections of the book appropriate to different roles.
- “Cyber Security Across Critical Infrastructure Protection Sectors (CIPS)“ February 6, 2014
This webinar provided an overview of the most current Cybersecurity requirements and standards for Critical Infrastructure Protection.
View webinar preview: http://www.youtube.com/watch?v=8bi_GPh8lN4
NIST Framework References
- NEW! IT Application Development Guidelines NIST 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems
- NIST outlines draft Cybersecurity framework for industry
- NIST Cybersecurity Framework portal
- Preliminary Framework Compendium (list of 321 cyber rules, standards and best practices)
- Preliminary Cybersecurity Framework
- Cybersecurity Framework v1 (2014)
- Appendix A, Framework Core
presents a listing of Functions, Categories, Subcategories and Informative References
Standards and CIP References
- NEW! Security and Privacy Controls for Federal Information Systems and Organizations NIST Special Publication 800-53 Revision 4-Summary
- Director of National Intelligence, James Clapper, Testimony DNI-worldwide-threat-assessment-of-US-intel-community
- CNSSI Number 4009, National Information Assurance (IA) Glossary 4/26/2010 http://DOD-General CNSSI_4009_26APR2010_20593/
- CMMI Audits of Services http://www.sei.cmu.edu/library/abstracts/presentations/CMMI-for-Services-Overview.cfm
- Executive Orders 2013
- National Institute of Standards and Technology (NIST)
- NIST Computer Security Special Publications (800 Series)
- ISO 31000 Risk Management Standards
- The Biggest Security SNAFUs of 2013 (So Far)
- “Tipping Point” by Malcolm Gladwell: http://www.gladwell.com/the-tipping-point/
- CERM Academy: insights.cermacademy.com