Abstract image of a woman sitting on books and studying on a laptop

SIEM in NIST Cyber Security Framework

Download as PPTX, PDF
Bernie Leung, P.E., CISSP, profile picture
Bernie Leung, P.E., CISSP

The document outlines the Federal Information Security Management Act (FISMA) and its requirements for U.S. government agencies and contractors, emphasizing the role of NIST in establishing security standards. It details the NIST Risk Management Framework and various aspects like data governance and compliance with regulations such as FedRAMP. Additionally, it stresses the integration of people, process, and technology in the implementation of Security Information and Event Management (SIEM) systems.

Technology
1 of 16
Downloaded 105 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
© 2014 Cognizant1 FISMA – How does SIEM fit in? Bernie Leung, CISSP, SOC Lead, Architect takming.leung@cognizant.com leung.bernie@gmail.com
© 2014 Cognizant2 Definitions EGov Act 2002 –Title III is the law that enacted FISMA FISMA is part of this law to ensure security for computer systems (H/W, S/W and operations). NIST is called upon to created the standards. NIST SP800-xxx are the standards. In particular SP800-53 specifies the various security controls. NIST Risk Management Framework addresses the security controls according to: • Identify • Protect • Detect • Respond • Recover FIPS addresses the requirement and process that a federal computer system can be operated. FIPS 199 - Classification of system impact FIPS 200 – Application of NIST to system according to FIP 199 classification Circular A130 re-affirms the NIST Risk Management Framework – an operations view of the NIST SP800-53. .
© 2014 Cognizant3 Federal and Regulatory Requirement Flow Down Requirement How it applies to Cognizant US SOC Considerations Outcome FISMA – Federal Information Security Management Act - Applies to US government agencies and contractors - Relies on NIST - Is client a Federal agency or contractor? - SOC must comply with NIST Cognizant Confidential and Internal Use only FedRAMP - Federal Risk Operation and Mangement Program - Applies to Cloud Service Providers to US Government Agencies - Based on certified 3rd part accreditation - Even though contractor is not a Federal agency, it provides servive to Federal agencies - SOC should comply with FedRAMP requirements. Data Governance - Applies to data storage, retention periods, eDiscovery and legal hold. - SOC is the guardian of configuration data. - International law complicates data stored outside of US. - Data will reside within US border.
© 2014 Cognizant4 SIEM Can Not operate as an Island!
© 2014 Cognizant5 People, Process, Technology
© 2014 Cognizant6 SIEM  Technology
© 2014 Cognizant7 Process
© 2014 Cognizant8 NIST Risk Management Framework
© 2014 Cognizant9 Step 1 Categorization FIPS 199 NIST SP800-60
© 2014 Cognizant10 Step 2 & 3 - Security Controls
© 2014 Cognizant11 Step 6 Monitoring
© 2014 Cognizant12 Information Security Continuous Monitoring
© 2014 Cognizant13 ISCM and Security Automation
© 2014 Cognizant14 CAESARS block architecture
© 2014 Cognizant15
© 2014 Cognizant16 References NIST Special Publication 800-xxx http://csrc.nist.gov/publications/PubsSPs.html NIST FIPS-199 http://csrc.nist.gov/publications/PubsSPs.html CAESARS reference architecture http://scap.nist.gov/events/2012/itsac/presentations/day3 /5Oct_330pm_Sell.pdf NIST CyberSecurity Framework Reference Tool http://www.nist.gov/cyberframework/csf_reference_tool.c fm.

More Related Content

PPTX
Beginner's Guide to SIEM
AlienVault
 
PDF
SIEM Architecture
Nishanth Kumar Pathi
 
PPTX
SIEM presentation final
Rizwan S
 
PDF
Threat Hunting
Splunk
 
PPTX
Security Information and Event Management (SIEM)
hardik soni
 
PPTX
Security Information and Event Management (SIEM)
k33a
 
PPTX
Effective Security Operation Center - present by Reza Adineh
ReZa AdineH
 
PPTX
Roadmap to security operations excellence
Erik Taavila
 
Beginner's Guide to SIEM
AlienVault
 
SIEM Architecture
Nishanth Kumar Pathi
 
SIEM presentation final
Rizwan S
 
Threat Hunting
Splunk
 
Security Information and Event Management (SIEM)
hardik soni
 
Security Information and Event Management (SIEM)
k33a
 
Effective Security Operation Center - present by Reza Adineh
ReZa AdineH
 
Roadmap to security operations excellence
Erik Taavila
 

What's hot (20)

PPTX
SOC Cyber Security
Steppa Cyber Security
 
PPTX
Security operation center
MuthuKumaran267
 
PDF
Security architecture
Duncan Unwin
 
PDF
Building Security Operation Center
S.E. CTS CERT-GOV-MD
 
PDF
From SIEM to SOC: Crossing the Cybersecurity Chasm
Priyanka Aash
 
PPTX
Siem ppt
kmehul
 
PDF
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Raffael Marty
 
PPSX
Next-Gen security operation center
Muhammad Sahputra
 
PPTX
SIEM - Your Complete IT Security Arsenal
ManageEngine EventLog Analyzer
 
PDF
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Sounil Yu
 
PPTX
SABSA overview
SABSAcourses
 
PPTX
McAfee SIEM solution
hashnees
 
PPTX
Cyber attacks and IT security management in 2025
Radar Cyber Security
 
PPTX
SOC: Use cases and are we asking the right questions?
Jonathan Sinclair
 
PPTX
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
PPTX
Security Operations Center (SOC) Essentials for the SME
AlienVault
 
PDF
Implementing Vulnerability Management
Argyle Executive Forum
 
PPTX
Build an Information Security Strategy
Andrew Byers
 
DOC
SIEM
vikasraina
 
PDF
NIST Cybersecurity Framework - Mindmap
WAJAHAT IQBAL
 
SOC Cyber Security
Steppa Cyber Security
 
Security operation center
MuthuKumaran267
 
Security architecture
Duncan Unwin
 
Building Security Operation Center
S.E. CTS CERT-GOV-MD
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
Priyanka Aash
 
Siem ppt
kmehul
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Raffael Marty
 
Next-Gen security operation center
Muhammad Sahputra
 
SIEM - Your Complete IT Security Arsenal
ManageEngine EventLog Analyzer
 
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Sounil Yu
 
SABSA overview
SABSAcourses
 
McAfee SIEM solution
hashnees
 
Cyber attacks and IT security management in 2025
Radar Cyber Security
 
SOC: Use cases and are we asking the right questions?
Jonathan Sinclair
 
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
Security Operations Center (SOC) Essentials for the SME
AlienVault
 
Implementing Vulnerability Management
Argyle Executive Forum
 
Build an Information Security Strategy
Andrew Byers
 
SIEM
vikasraina
 
NIST Cybersecurity Framework - Mindmap
WAJAHAT IQBAL
 
Ad

Similar to SIEM in NIST Cyber Security Framework (20)

DOCX
Generic_Sample_INFOSECPolicy_and_Procedures
Samuel Loomis
 
PPTX
How I Woke Up from the CMMC Compliance Nightmare
Ignyte Assurance Platform
 
PPTX
NIST-Cloud-Presentation-Industry-Day-Release.pptx
KellyMcBrair
 
PPTX
CMMC DFARS/NIST SP 800-171
Ignyte Assurance Platform
 
PPTX
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdpr
Ulf Mattsson
 
PPTX
Key Cyber Security Issues for Government Contractors
Government Technology and Services Coalition
 
PPTX
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
iQHub
 
PPTX
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
iQHub
 
PPT
Contractor Responsibilities under the Federal Information Security Management...
padler01
 
PPT
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
John Gilligan
 
PDF
ControlCase CMMC Basics Deck Final.pdf
AmyPoblete3
 
PDF
A Case Study of the Capital One Data Breach
Anchises Moraes
 
PPTX
Minder RTP Product Overview
Cruatech
 
PDF
Guide to Risk Management Framework (RMF)
MetroStar
 
PDF
An Introduction to zOS Real-time Infrastructure and Security Practices
Jerry Harding
 
PPTX
Federal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWinds
SolarWinds
 
PPTX
Mobile First? Security First? It's a Tie and Here's Why!
Globo Plc
 
PPTX
Empowering Secure Mobility in Regulated Industries
Globo Plc
 
DOCX
Tonight, March 5th – Class 7 (last class) your test” on ICS.docx
turveycharlyn
 
PPTX
Understanding Federal IT Compliance in Three Steps - SharePoint Fest DC
Adam Levithan
 
Generic_Sample_INFOSECPolicy_and_Procedures
Samuel Loomis
 
How I Woke Up from the CMMC Compliance Nightmare
Ignyte Assurance Platform
 
NIST-Cloud-Presentation-Industry-Day-Release.pptx
KellyMcBrair
 
CMMC DFARS/NIST SP 800-171
Ignyte Assurance Platform
 
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdpr
Ulf Mattsson
 
Key Cyber Security Issues for Government Contractors
Government Technology and Services Coalition
 
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
iQHub
 
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
iQHub
 
Contractor Responsibilities under the Federal Information Security Management...
padler01
 
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
John Gilligan
 
ControlCase CMMC Basics Deck Final.pdf
AmyPoblete3
 
A Case Study of the Capital One Data Breach
Anchises Moraes
 
Minder RTP Product Overview
Cruatech
 
Guide to Risk Management Framework (RMF)
MetroStar
 
An Introduction to zOS Real-time Infrastructure and Security Practices
Jerry Harding
 
Federal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWinds
SolarWinds
 
Mobile First? Security First? It's a Tie and Here's Why!
Globo Plc
 
Empowering Secure Mobility in Regulated Industries
Globo Plc
 
Tonight, March 5th – Class 7 (last class) your test” on ICS.docx
turveycharlyn
 
Understanding Federal IT Compliance in Three Steps - SharePoint Fest DC
Adam Levithan
 
Ad

Recently uploaded (20)

PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
PDF
Accessing-Finance-in-Jordan-MENA 2024 2025.pdf
Mustafa Kuğu
 
PDF
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
PDF
Convolutional neural network based encoder-decoder for efficient real-time ob...
IAESIJAI
 
PPTX
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
PPTX
Microsoft Excel 365/2024 Beginner's training
frank yeboah
 
PDF
Comparative analysis of machine learning models for fake news detection in so...
IAESIJAI
 
DOCX
Basics of Cloud Computing - Cloud Ecosystem
suthak11
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
PPT
What is a Computer? Input Devices /output devices
GulJan8
 
PDF
Flame analysis and combustion estimation using large language and vision assi...
IAESIJAI
 
PDF
A proposed approach for plagiarism detection in Myanmar Unicode text
IAESIJAI
 
PDF
“A New Era of 3D Sensing: Transforming Industries and Creating Opportunities,...
Edge AI and Vision Alliance
 
PPTX
TEXTILE technology diploma scope and career opportunities
kriti38
 
PDF
How IoT Sensor Integration in 2025 is Transforming Industries Worldwide
Rejig Digital
 
PPTX
Configure Apache Mutual Authentication
Antonino Piraino
 
PPTX
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
HiraJay1
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PDF
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
Accessing-Finance-in-Jordan-MENA 2024 2025.pdf
Mustafa Kuğu
 
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
Convolutional neural network based encoder-decoder for efficient real-time ob...
IAESIJAI
 
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
Microsoft Excel 365/2024 Beginner's training
frank yeboah
 
Comparative analysis of machine learning models for fake news detection in so...
IAESIJAI
 
Basics of Cloud Computing - Cloud Ecosystem
suthak11
 
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
What is a Computer? Input Devices /output devices
GulJan8
 
Flame analysis and combustion estimation using large language and vision assi...
IAESIJAI
 
A proposed approach for plagiarism detection in Myanmar Unicode text
IAESIJAI
 
“A New Era of 3D Sensing: Transforming Industries and Creating Opportunities,...
Edge AI and Vision Alliance
 
TEXTILE technology diploma scope and career opportunities
kriti38
 
How IoT Sensor Integration in 2025 is Transforming Industries Worldwide
Rejig Digital
 
Configure Apache Mutual Authentication
Antonino Piraino
 
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
HiraJay1
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 

SIEM in NIST Cyber Security Framework

  • 1. © 2014 Cognizant1 FISMA – How does SIEM fit in? Bernie Leung, CISSP, SOC Lead, Architect [email protected] [email protected]
  • 2. © 2014 Cognizant2 Definitions EGov Act 2002 –Title III is the law that enacted FISMA FISMA is part of this law to ensure security for computer systems (H/W, S/W and operations). NIST is called upon to created the standards. NIST SP800-xxx are the standards. In particular SP800-53 specifies the various security controls. NIST Risk Management Framework addresses the security controls according to: • Identify • Protect • Detect • Respond • Recover FIPS addresses the requirement and process that a federal computer system can be operated. FIPS 199 - Classification of system impact FIPS 200 – Application of NIST to system according to FIP 199 classification Circular A130 re-affirms the NIST Risk Management Framework – an operations view of the NIST SP800-53. .
  • 3. © 2014 Cognizant3 Federal and Regulatory Requirement Flow Down Requirement How it applies to Cognizant US SOC Considerations Outcome FISMA – Federal Information Security Management Act - Applies to US government agencies and contractors - Relies on NIST - Is client a Federal agency or contractor? - SOC must comply with NIST Cognizant Confidential and Internal Use only FedRAMP - Federal Risk Operation and Mangement Program - Applies to Cloud Service Providers to US Government Agencies - Based on certified 3rd part accreditation - Even though contractor is not a Federal agency, it provides servive to Federal agencies - SOC should comply with FedRAMP requirements. Data Governance - Applies to data storage, retention periods, eDiscovery and legal hold. - SOC is the guardian of configuration data. - International law complicates data stored outside of US. - Data will reside within US border.
  • 4. © 2014 Cognizant4 SIEM Can Not operate as an Island!
  • 5. © 2014 Cognizant5 People, Process, Technology
  • 6. © 2014 Cognizant6 SIEM  Technology
  • 8. © 2014 Cognizant8 NIST Risk Management Framework
  • 9. © 2014 Cognizant9 Step 1 Categorization FIPS 199 NIST SP800-60
  • 10. © 2014 Cognizant10 Step 2 & 3 - Security Controls
  • 11. © 2014 Cognizant11 Step 6 Monitoring
  • 12. © 2014 Cognizant12 Information Security Continuous Monitoring
  • 13. © 2014 Cognizant13 ISCM and Security Automation
  • 14. © 2014 Cognizant14 CAESARS block architecture
  • 16. © 2014 Cognizant16 References NIST Special Publication 800-xxx http://csrc.nist.gov/publications/PubsSPs.html NIST FIPS-199 http://csrc.nist.gov/publications/PubsSPs.html CAESARS reference architecture http://scap.nist.gov/events/2012/itsac/presentations/day3 /5Oct_330pm_Sell.pdf NIST CyberSecurity Framework Reference Tool http://www.nist.gov/cyberframework/csf_reference_tool.c fm.