Ashutosh Bahuguna
Scientist C
Information
Information?
ISO/IEC 27001:2013
Implementing Information Security
1. Scope
2. Context of the Organization
3. Leadership
4. Planning: RA & RTP, SoA
5. Support
6. Operations: Control Implementation
7. Performance Evaluation
8. Improvement
Cyber Security Framework
The NIST Cybersecurity Framework is a risk-based approach to managing cybersecurity risk, and is composed of three parts:
Framework Core
Framework Implementation Tiers
Framework Profiles
Framework Core
Five Components
Identify
Protect
Detect
Respond
Recover
Cyber Security Capability Maturity Model
Maturity Model
o Define its current state
o Determine its future, more mature state
o Identify the capabilities it must attain to reach that future state
Maturity Indicator Levels: The model defines four maturity indicator levels, MIL0 through MIL3
10 domains
Risk Management
Asset, Change, and Configuration Management
Identity and Access Management
Threat and Vulnerability Management
Situational Awareness
Information Sharing and Communications
Event and Incident Response, Continuity of Operations
Supply Chain and External Dependencies Management
Workforce Management
Cybersecurity Program Management
Critical Security Controls
Stay Safe!