🛡️

NCSF 2.0 Implementation Webinar Notes

Jul 16, 2024

View transcript

NCSF 2.0 Implementation Webinar Notes

Introduction

  • Speaker: Thean, coach and mentor for InfoSec professionals on ISU 2701
  • Focus: Implementation of NCSF 2.0
  • Topics covered: Overview of NCSF, Structure, Core Requirements, Implementation, Best Practices

NCSF Overview

  • NCSF: Voluntary framework by NIST to manage and reduce cybersecurity risks
  • Benefits: Improved cybersecurity posture, enhanced risk management, better communication within the organization
  • Applicability: Government entities, Financial organizations, Insurance companies, Healthcare sector, Educational institutes, NGOs
  • Customization: Implementation varies by organization's vision, mission, objectives, and strategies

Structure of NCSF

  1. Framework Core: Set of cybersecurity activities/outcomes to manage risks
  2. Organizational Profiles: Describe the current or desired cybersecurity posture
  3. CSF Tiers: Levels of cybersecurity risk governance and management practices

Framework Core Components

  1. Govern (Governance Function): Setting up rules and expectations for cybersecurity
    • Includes policies, roles, responsibilities, oversight, supply chain risk management
  2. Identify (Identify Function): Awareness of cybersecurity risks
    • Includes asset management, risk assessment, vulnerability identification, threat assessment
  3. Protect (Protection Function): Implementing safeguards to manage risks
    • Includes identity management, access control, awareness training, data security, platform security
  4. Detect (Detection Function): Spotting potential cybersecurity attacks
    • Includes continuous monitoring, adverse event analysis
  5. Respond (Response Function): Taking actions to minimize damage from incidents
    • Includes incident management, incident analysis, incident mitigation
  6. Recover (Recovery Function): Restoring operations after incidents
    • Includes incident recovery plan, communication

Organizational Profiles

  • Current Profile: Current cybersecurity outcomes and their effectiveness
  • Target Profile: Desired future outcomes
  • Community Profile: Baseline of outcomes for a specific sector (Finance, Insurance, IT, etc.)

Steps to Create an Organizational Profile

  1. Scope: Define what aspects of cybersecurity will be covered
  2. Gather Information: Policies, risk management priorities, resources, requirements, tools
  3. Create Profile: Identify CSF outcomes, document information, conduct gap analysis
  4. Gap Analysis: Identify gaps between current state and target state
  5. Action Plan: Develop plan to bridge gaps and achieve compliance

CSF Tiers

  • Purpose: Categorize rigor of cybersecurity practices
  • Tiers: Partial, Risk-informed, Repeatable, Adaptive
  • Note: Tiers are not tied to maturity levels but help in valuation of cybersecurity posture

Deep Dive into Framework Core

Govern Function

  1. Organizational Context: Vision, mission, goals, stakeholders, legal/regulatory requirements
  2. Risk Management Strategy: Define program, identify risk appetite/tolerance, methodology
  3. Roles, Responsibilities, Authorities: Ensure top management responsibility, identify roles and provide resources
  4. Cybersecurity Policy: Establish and communicate policy
  5. Oversight: Assess risk management outcomes, develop KPI metrics
  6. Supply Chain Risk Management: Identify/manage supply chain risks integrated with overall risk management

Identify Function

  1. Asset Management: Manage asset lifecycle, maintain hardware/software inventory
  2. Risk Assessment: Identify vulnerabilities/threats, analyze and prioritize risks
  3. Improvement: Continual process assessment to enhance security posture

Protect Function

  1. Identity Management: Unique IDs, roles, authentication mechanisms (passwords, biometrics, etc.)
  2. Awareness Training: General and role-specific security awareness and training
  3. Data Security: Secure data at rest, in motion, and in use; backup data
  4. Platform Security: Secure hardware/software configurations, restrict admin privileges
  5. Infrastructure Resiliency: Protect network and assets, maintain capacity

Detect Function

  1. Continuous Monitoring: Monitor network and physical environment for anomalies
  2. Event Analysis: Analyze events to determine true/false positives, impact, scope

Respond Function

  1. Incident Management: Response plan, incident categorization, priorities, escalation
  2. Incident Analysis: Root cause analysis, evidence protection, stakeholder notification
  3. Incident Mitigation: Contain and eliminate incidents

Recover Function

  1. Incident Recovery Plan Execution: Restore processes based on priorities, ensure backup utility
  2. Communication: Inform stakeholders and the public about incident recovery status

Conclusion

  • For more InfoSec content, follow Ministry of Security on LinkedIn, Instagram, and YouTube.
  • Speaker: Thean
  • Contact: Available in the description of linked channels.

Full transcript