How Boards use the NIST Cybersecurity Framework as a ...
GOH Seow Hiong
Executive Director, Global Policy & Government Affairs, Asia Pacific
Cisco Systems
December 2017
Why is the NIST framework important?
How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity
As board members …
• Does your company’s management report to the Board on cybersecurity? Regularly?
• Do you know when the latest breach in the company was?
• Do you know the damage from the last breach?
• Do you know the extent of the breach?
THE EVOLVING THREAT LANDSCAPE
What threats do I face?
Shortage of cyber security experts
Evolving business needs
Dynamic threat landscape
Complexity and fragmentation
Security Challenges
Changing regulations and business models
Widening IT/Board communication gap
Attack surface
Threat actors
Attack sophistication
Fragmented security
Not interoperable
Not open
Talent crunch
Niche security skills
Increased costs
THE BIGGEST PROBLEM
Do I know if I’ve been compromised?
Cyber Attack – No If but When
Source: Verizon 2012 Data Breach Investigation Report
Whack-a-mole Approach
Recognizing Malware is Difficult and Not Enough
How easy is it to breach?
MY IT GUYS ARE ON IT!
How are they managing security?
Management Nightmare
Complexity is a Significant Obstacle to Security
Business Constraints
• 35% Budget
• 28% Compatibility Issues
• 25% Certification Requirements
• 25% Lack of Trained Personnel
(Change from 2015): (-4%), (-4%), (+/-0%), (+3%)
Complexity
• Vendor: 55% of organizations use 6 to >50 security vendors
  1-5 (45%), 6-10 (29%), 11-20 (18%), 21-50 (7%), Over 50 (3%)
• Products: 65% of organizations use 6 to >50 security products
  1-5 (35%), 6-10 (29%), 11-20 (21%), 21-50 (11%), Over 50 (6%)
2016 (n=2,850); 2016 (n=2,860)
Device enrollment challenges await….
• 374 new devices per second
• 10 min to connect and define policy
• 7.8 person-days of effort per second
• 245.8M person-days of effort per year
How to deal with the challenges?
Holistic not piecemeal approach
Evolution of defensive tactics
Medieval defense Modern defense
Analogy with Airport security
• Identity Check: AnyConnect
• No Entry for Unauthorized: OpenDNS
• Boarding pass: ISE
• Security Inspection: Firepower/AMP
• Luggage Check: ESA/WSA
• Luggage Check In: Talos
• Isolates Electronic Device: ThreatGrid
• Security Check: StealthWatch
• Boarding on plane: TrustSec
• Immigration Check: ASA
Leverage the network
Firewall and security infrastructure
Advanced threat intelligence
Governance processes
Effective security requires integrated threat defense
Integrated threat defense: Before, During, After
NIST Cybersecurity Framework
• Voluntary, open, transparent drafting process
• Voluntary, consensus-based standards leveraged
• Voluntary use of Framework by private sector
• Input to regulation & government procurement
NIST Cybersecurity Framework
• Identify: Asset management; Business environment; Governance; Risk assessment; Risk Management strategy
• Protect: Access control; Awareness training; Data security; Information protection processes & procedures; Protective technology
• Detect: Anomalies and events; Security continuous monitoring; Detection processes
• Respond: Response planning; Communications; Analysis; Mitigation; Improvements
• Recover: Recovery planning; Improvements; Communications
How do I measure?
Metrics
Metrics
• Mean time to detect
• Mean time to contain
• Mean time to recovery
Does your management measure these?
Detection is key
• Current average time-to-detect: 100-200 days
• Cisco in 2015: time-to-detect at 2 days
• Today:
  • Cisco time-to-detect at 6 hours
  • Cisco in independent tests (NSS):
    • 70% of breaches detected < 1 min
    • 90% of breaches in 3 minutes
    • 99% detection within 6 hours
    • 100% in 24 hours
Looking forward
Collaborating with Partners
• Governments
• International bodies
• Private sectors and customers
250+ Full Time Threat Intel Researchers
MILLIONS Of Telemetry Agents
4 Global Data Centers
1100+ Threat Traps
100+ Threat Intelligence Partners
THREAT INTEL Per Day
1.5 MILLION Daily Malware Samples
600 BILLION Daily Email Messages, 86% SPAM
16 BILLION Daily Web Requests
Honeypots
Open Source Communities
Vulnerability Discovery (Internal)
Product Telemetry
Internet-Wide Scanning
20 BILLION Threats Blocked
INTEL SHARING
Cisco
Customer Data Sharing Programs
Service Provider Coordination Program
Open Source Intel Sharing
3rd Party Programs (MAPP)
Industry Sharing Partnerships (ISACs)
500+ Participants
*Google: 3.5B searches/day
Address the Entire Attack Continuum
• Before: Discover, Enforce, Harden
• During: Detect, Block, Defend
• After: Scope, Contain, Remediate
Network, Endpoint, Mobile, Virtual, Cloud
Network as a Sensor, Network as an Enforcer
Total visibility + Minimum time to detect + Fast containment
Security is a Journey, Not a Destination
• Risk-based Decisions
• People + Processes + Technology
• Ongoing self-examination
• Continuous Improvement
• Dynamic Threats
• Complexity is the Enemy