Cybersecurity Risk Management
Table of Contents
Cynthia Brumfield. Cybersecurity Risk Management
Cybersecurity Risk Management. Mastering the Fundamentals Using the NIST Cybersecurity Framework
Contents
List of Illustrations
Guide
Pages
Academic Foreword
Acknowledgments
Preface – Overview of the NIST Framework
BACKGROUND ON THE FRAMEWORK
FRAMEWORK BASED ON RISK MANAGEMENT
THE FRAMEWORK CORE
FRAMEWORK IMPLEMENTATION TIERS
FRAMEWORK PROFILE
OTHER ASPECTS OF THE FRAMEWORK DOCUMENT
RECENT DEVELOPMENTS AT NIST
Notes
CHAPTER 1 Cybersecurity Risk Planning and Management. Overview of Chapter and Objective
INTRODUCTION
I. WHAT IS CYBERSECURITY RISK MANAGEMENT?
A. Risk Management Is a Process
II. ASSET MANAGEMENT
Voices of Experience. On Asset Management. If you don’t know what you have, you don’t know what you need to protect
A. Inventory Every Physical Device and System You Have and Keep the Inventory Updated
Voices of Experience. On Asset Management. Work from Home Environments Raise the Stakes on Asset Management
Relevant Technical Standards for ID.AM-1
B. Inventory Every Software Platform and Application You Use and Keep the Inventory Updated
Relevant Technical Standards for ID.AM-2
C. Prioritize Every Device, Software Platform, and Application Based on Importance
Relevant Technical Standards for ID.RA-5
D. Establish Personnel Security Requirements Including Third-Party Stakeholders
Relevant Technical Standards for ID.AM-6
III. GOVERNANCE
A. Make Sure You Educate Management about Risks
Voices of Experience. On Governance. Know Your Laws and Regulations
Relevant Technical Standards for ID.GV-4
IV. RISK ASSESSMENT AND MANAGEMENT
A. Know Where You’re Vulnerable
Relevant Technical Standards for ID.RA-1
B. Identify the Threats You Face, Both Internally and Externally
Relevant Technical Standards for ID.RA-3
C. Focus on the Vulnerabilities and Threats That Are Most Likely AND Pose the Highest Risk to Assets
Relevant Technical Standards for ID.RA-5
D. Develop Plans for Dealing with the Highest Risks
Relevant Technical Standards for ID.RA-6
SUMMARY
CHAPTER QUIZ
ESSENTIAL READING ON CYBERSECURITY RISK MANAGEMENT
Notes
CHAPTER 2 User and Network Infrastructure Planning and Management. Overview of Chapter and Objective
I. INTRODUCTION
II. INFRASTRUCTURE PLANNING AND MANAGEMENT IS ALL ABOUT PROTECTION, WHERE THE RUBBER MEETS THE ROAD
A. Identity Management, Authentication, and Access Control
Voices of Experience. On Granting Access. Watch Out for Layering Entitlements When Job Functions Change
Relevant Technical Standards for PR.AC-1
Relevant Technical Standards for PR.AC-2
Relevant Technical Standards for PR.AC-3
Relevant Technical Standards for PR.AC-4
Relevant Technical Standards for PR.AC-5
A WORD ABOUT FIREWALLS
Relevant Technical Standards for PR.AC-6
Relevant Technical Standards for PR.AC-7
III. AWARENESS AND TRAINING
Voices of Experience. On Awareness and Training. Training That Is Most Useful to Employees
A. Make Sure That Privileged Users and Security Personnel Understand Their Roles and Responsibilities
Relevant Technical Standards for PR.AT-5
IV. DATA SECURITY
A. Protect the Integrity of Active and Archived Databases
Relevant Technical Standards for PR.DS-1
B. Protect the Confidentiality and Integrity of Corporate Data Once It Leaves Internal Networks
Relevant Technical Standards for PR.DS-2
C. Assure That Information Can Only Be Accessed by Those Authorized to Do So and Protect Hardware and Storage Media
Relevant Technical Standards for PR.DS-6
D. Keep Your Development and Testing Environments Separate from Your Production Environment
Relevant Technical Standards for PR.DS-7
E. Implement Checking Mechanisms to Verify Hardware Integrity
Relevant Technical Standards for PR.DS-8
V. INFORMATION PROTECTION PROCESSES AND PROCEDURES
A. Create a Baseline of IT and OT Systems
Relevant Technical Standards for PR.IP-1
B. Manage System Configuration Changes in a Careful, Methodical Way
Relevant Technical Standards for PR.IP-3
A WORD ABOUT PATCH MANAGEMENT
C. Perform Frequent Backups and Test Your Backup Systems Often
Relevant Technical Standards for PR.IP-4
D. Create a Plan That Focuses on Ensuring That Assets and Personnel Will Be Able to Continue to Function in the Event of a Crippling Attack or Disaster
Relevant Technical Standards for PR.IP-9
VI. MAINTENANCE
A. Perform Maintenance and Repair of Assets and Log Activities Promptly
Relevant Technical Standards for PR.MA-1
B. Develop Criteria for Authorizing, Monitoring, and Controlling All Maintenance and Diagnostic Activities for Third Parties
Voices of Experience. On Removable Media. Overlook Removable Media at Your Own Peril
Relevant Technical Standards for PR.MA-2
VII. PROTECTIVE TECHNOLOGY
A. Restrict the Use of Certain Types of Media On Your Systems
Relevant Technical Standards for PR.PT-2
B. Wherever Possible, Limit Functionality to a Single Function Per Device (Least Functionality)
Voices of Experience. On Least Functionality. Turn on Only Those Services Needed
Relevant Technical Standards for PR.PT-3
C. Implement Mechanisms to Achieve Resilience on Shared Infrastructure
Relevant Technical Standards for PR.PT-5
SUMMARY
CHAPTER QUIZ
ESSENTIAL READING ON NETWORK MANAGEMENT
Notes
CHAPTER 3 Tools and Techniques for Detecting Cyber Incidents. Overview of Chapter and Objective
INTRODUCTION
WHAT IS AN INCIDENT?
Voices of Experience. On Why Detect Is “Right of Boom.” Detect Looks for Weakness Exploitations
I. DETECT
A. Anomalies and Events
1. Establish Baseline Data for Normal, Regular Traffic Activity and Standard Configuration for Network Devices
Voices of Experience. On Anomalies and Events. Start Off with a Strong Foundation
Relevant Technical Standards for DE.AE-1
Relevant Technical Standards for DE.AE-2
A WORD ABOUT ANTIVIRUS SOFTWARE
Relevant Technical Standards for DE.AE-3
Relevant Technical Standards for DE.AE-4
Relevant Technical Standards for DE.AE-5
B. Continuous Monitoring
Voices of Experience. On Continuous Monitoring. Continuous Monitoring Needs to Actually Be Continuous
Relevant Technical Standards for DE.CM-1
Relevant Technical Standards for DE.CM-2
Relevant Technical Standards for DE.CM-3
Relevant Technical Standards for DE.CM-4
Relevant Technical Standards for DE.CM-5
Relevant Technical Standards for DE.CM-6
Relevant Technical Standards for DE.CM-7
Relevant Technical Standards for DE.CM-8
C. Detection Processes
Relevant Technical Standards for DE.DP-1
Relevant Technical Standards for DE.DP-2
Relevant Technical Standards for DE.DP-3
Relevant Technical Standards for DE.DP-4
Relevant Technical Standards for DE.DP-5
SUMMARY
CHAPTER QUIZ
ESSENTIAL READING FOR TOOLS AND TECHNIQUES FOR DETECTING A CYBERATTACK
CHAPTER 4 Developing a Continuity of Operations Plan. Overview of Chapter and Objective
INTRODUCTION
A. ONE SIZE DOES NOT FIT ALL
I. RESPONSE
A. Develop an Executable Response Plan
Relevant Technical Standards for RS.RP-1
Voices of Experience. On Coordinating with Stakeholders. Communicating with Peers is Powerful
B. Understand the Importance of Communications in Incident Response
Relevant Technical Standards for RS.CO-1
C. Prepare for Corporate-Wide Involvement During Some Cybersecurity Attacks
Relevant Technical Standards for RS.CO-4
II. ANALYSIS
A. Examine Your Intrusion Detection System in Analyzing an Incident
Relevant Technical Standards for RS.AN-1
B. Understand the Impact of the Event
Relevant Technical Standards for RS.AN-2
C. Gather and Preserve Evidence
Relevant Technical Standards for RS.AN-3
D. Prioritize the Treatment of the Incident Consistent with Your Response Plan
Relevant Technical Standards for RS.AN-4
Voices of Experience. On Vulnerability Disclosures. Bug Bounties Make You Go from Reactive to Proactive
E. Establish Processes for Handling Vulnerability Disclosures
Relevant Technical Standards for RS.AN-5
III. MITIGATION
A. Take Steps to Contain the Incident
Relevant Technical Standards for RS.MI-1
B. Decrease the Threat Level by Eliminating or Intercepting the Adversary as Soon as the Incident Occurs
Relevant Technical Standards for RS.MI-2
C. Mitigate Vulnerabilities or Designate Them as Accepted Risk
Relevant Technical Standards for RS.MI-3
IV. RECOVER
Voices of Experience. On Why Recovery Planning is Key. It’s Your Last Line of Defense
A. Recovery Plan Is Executed During or After a Cybersecurity Incident
Relevant Technical Standards for RC.RP-1
B. Update Recovery Procedures Based on New Information as Recovery Gets Underway
Relevant Technical Standards for RC.IM-1
C. Develop Relationships with Media to Accurately Disseminate Information and Engage in Reputational Damage Limitation
Relevant Technical Standards for RC.CO-1 (and RC.CO-2 Regarding Advance Media Plans)
SUMMARY
CHAPTER QUIZ
ESSENTIAL READING FOR DEVELOPING A CONTINUITY OF OPERATIONS PLAN
CHAPTER 5 Supply Chain Risk Management. Overview of Chapter and Objective
INTRODUCTION
I. NIST SPECIAL PUBLICATION 800-161
II. SOFTWARE BILL OF MATERIALS
Voices of Experience. On Supply Chain. Enterprises Need a Consistent Approach
III. NIST REVISED FRAMEWORK INCORPORATES MAJOR SUPPLY CHAIN CATEGORY
A. Identify, Establish, and Assess Cyber Supply Chain Risk Management Processes and Gain Stakeholder Agreement
Relevant Technical Standards for ID.SC-1
B. Identify, Prioritize, and Assess Suppliers and Third-Party Partners of Suppliers
Relevant Technical Standards for ID.SC-2
C. Develop Contracts with Suppliers and Third-Party Partners to Address Your Organization’s Supply Chain Risk Management Goals
Relevant Technical Standards for ID.SC-3
D. Routinely Assess Suppliers and Third-Party Partners Using Audits, Test Results, and Other Forms of Evaluation
Relevant Technical Standards for ID.SC-4
E. Test to Make Sure Your Suppliers and Third-Party Providers Can Respond to and Recover from Service Disruption
Relevant Technical Standards for ID.SC-5
SUMMARY
CHAPTER QUIZ
ESSENTIAL READING FOR SUPPLY CHAIN RISK MANAGEMENT
CHAPTER 6 Manufacturing and Industrial Control Systems Security. Overview of Chapter and Objective
Voices of Experience. On Industrial Control Security. Industrial Processes Are Very Complex
ESSENTIAL READING ON MANUFACTURING AND INDUSTRIAL CONTROL SECURITY
Appendix A: Helpful Advice for Small Organizations Seeking to Implement Some of the Book’s Recommendations
Appendix B: Critical Security Controls Version 8.0 Mapped to NIST CSF v1.1
Answers to Chapter Quizzes. CHAPTER 1
CHAPTER 2
CHAPTER 3
CHAPTER 4
CHAPTER 5
Index
WILEY END USER LICENSE AGREEMENT
Excerpt from the Book
Cynthia Brumfield
Cybersecurity analyst, writer and President of DCT Associates, Washington, D.C., USA
.....
Within each of these functions are categories of activities. Within each category of activities are subcategories, and for each subcategory, there are informative references, usually standards, for helping to support the activities (Figure 0.2).
Figure 0.2 NIST CATEGORIES, SUBCATEGORIES, AND INFORMATIVE REFERENCES.
.....