Published by Berniece Henry. Modified over 6 years ago.
1
Mapping NIST CSF and GDPR Frameworks to Microsoft Technologies
6/12/2018 8:16 PM. THR3084: Mapping NIST CSF and GDPR Frameworks to Microsoft Technologies. Nathan Lasnoski, Chief Technology Officer, Concurrency. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
2
Risk Mitigation and Digital Transformation
1. The Digital Transformation is driving change in the way IT is leveraged and secured throughout the business.
2. The way IT is secured and risks are mitigated within the business will also rapidly evolve with new frameworks (NIST & GDPR).
3. The technologies for mitigating risks are a combination of longstanding best practices and modern capabilities.
4. The defense against the modern (and existing) threats of the Digital Transformation starts now.
3
The Digital Transformation is driving change in the way IT is secured throughout the business
4
Securing Areas of Transformation
Customers: securing the customer experience with technology.
Partners: securing partner interactions through technology.
Employees: securing efficiency in internal operations.
5
The way IT is secured and risks mitigated within the business will rapidly evolve as threats enter new vectors
6
Modern Security Layers to Mitigate Risk
Network, Operating System, Identity, Application, Information, Communications, Management, Physical.
7
The NIST Framework – Intent
Framework for Improving Critical Infrastructure Cybersecurity. Despite the name, applicable to any organization or business.
A voluntary, risk-based approach to manage cybersecurity risk, in a cost-effective way, based on business needs.
The framework is not law; there is no compliance requirement.
What do you do? How well do you do it? What do you need to do?
It’s about MANAGING RISKS and making SOUND INVESTMENTS in cybersecurity efforts.
8
NIST Security Framework & GDPR
The five NIST CSF functions (Identify, Protect, Detect, Respond, Recover) arranged around the Digital Transformation.
9
Risk Mitigation Combining Layers and NIST
Security layers: Network, Operating System, Identity, Application, Information, Communications, Management, Physical.
NIST functions around the Digital Transformation, with the modern capability each one draws on:
Identify: cloud threat identification.
Protect: declarative configuration; cloud-consistent protection patterns.
Detect: big data detection patterns.
Respond: automated response mechanisms.
Recover.
10
The technologies for mitigating risks are a combination of longstanding best practices and modern capabilities
11
Mapping in Technology Solutions
NIST CSF and GDPR to Category / Microsoft technology map (…download the map here).
Protect (PR), Data Security (PR.DS): Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.
PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition.
PR.DS-4: Adequate capacity to ensure availability is maintained. Category / technology: Cloud Datacenter; Operations Management Suite & System Center; Modern IT Management.
PR.DS-5: Protections against data leaks are implemented. Category / technology: Customer Enablement; Enterprise Mobility Suite; Azure Resource Management Standards; Office365.
PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity.
PR.DS-7: The development and testing environment(s) are separate from the production environment. Technology: Visual Studio Team Services.
PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained. Technology: Operations Management Suite & System Center; ServiceNow.
PR.IP-2: A System Development Life Cycle to manage systems is implemented.
12
Anatomy of Attacks and Defense
ServiceNow, Dynamics, Power BI, System Center, SCCM, MIM, ATA, Azure Stack, Hypervisor, Network, EMS, OMS, USTS, Azure ML, Log Data, ARM + DSC Code, Inventory, Automation, Log Data/IDS, ARM + Code DSC, IoT Suite.
13
Demo
14
The defense against the modern threats of the Digital Transformation starts now
15
Steps to Starting Out
First: Admit that you can do better.
Second: Know that you can always do better.
Then: Make a plan for addressing the security threats that are most relevant based on risk and financial impact.
16
Who Do You Want to Be?
Disorganized, Hidden, Unprepared
or
Organized, Transparent, Prepared
17
Get Specific with Prioritization
Risk register columns. Discover: ID, System, Owner, Business Process, Hardware Product, Software Product, Configuration. Assess: Threat, Vulnerability, Controls, Impact (Low-Med-High), Complexity (Low-Med-High), Risk (Low-Med-High), Priority.
00001: Workstations and Servers; owner Denise Smith; classification X; threat Privilege Escalation; vulnerability Local Administrators; controls LAPS; impact High; complexity Low; priority 1.
00002: Active Directory; owner Qiong Wu; threat Unauthorized Use; vulnerability Privileged Accounts; controls MIM PAM; impact Med; priority 4.
00003: owner Naoki Sato; threat Code Execution; vulnerability Patching; controls SCCM; priority 3.
00004: Business Culture; owner Daniel Roth; threat Social Engineering; vulnerability Phishing; controls KnowBe4; priority 2.
00005: WiFi; owner Andrea Dunker; vulnerability Pre-shared Key; controls 802.1X; priority 5.
00006: owner Eric Gruber; threat Business Data Loss; vulnerability Malicious Software; controls Device Guard; priority 6.
18
Key points
1. Understand that security is not something to procrastinate on.
2. Leverage NIST CSF and GDPR to develop a prioritized plan.
3. Address key operating system and identity threats first.
4. Don’t underestimate the importance of a security management platform.
19
Please evaluate this session
Tech Ready 15, 6/12/2018. Please evaluate this session. From your PC or tablet: visit MyIgnite. Phone: download and use the Microsoft Ignite mobile app. Your input is important!
20