CONCEPTS IN CYBER SECURITY - WWOA


CONCEPTS IN CYBERSECURITY
GARY KNEELAND, CISSP
SENIOR CONSULTANT
CRITICAL INFRASTRUCTURE & SECURITY PRACTICE

OBJECTIVES
- FRAMEWORK FOR CYBERSECURITY
- CYBERSECURITY FUNCTIONS
- CYBERSECURITY CONTROLS
- COMPARATIVE EXAMPLES
- REFERENCES

US CRITICAL INFRASTRUCTURE
- Chemical Sector
- Defense Industrial Base Sector
- Government Facilities Sector
- Transportation Systems Sector
- Commercial Facilities Sector
- Emergency Services Sector
- Healthcare and Public Health Sector
- Water and Wastewater Systems Sector
- Communications Sector
- Energy Sector
- Information Technology Sector
- Critical Manufacturing Sector
- Financial Services Sector
- Nuclear Reactors, Materials, and Waste Sector
- Dams Sector
- Food and Agriculture Sector

NIST FRAMEWORK UPDATE
FEB 12, 2013 EXECUTIVE ORDER
- EXECUTIVE ORDER 13636 – IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY
FEB 12, 2014 FRAMEWORK FOR IMPROVING CRITICAL INFRASTRUCTURE CYBER SECURITY, V1.0
COMPENDIUM OF INFORMATIVE REFERENCES
- REVIEW OF OVER 320 NATIONAL & INTERNATIONAL STANDARDS, GUIDELINES, DIRECTIVES, BEST PRACTICES, MODELS, SPECIFICATIONS, POLICIES AND REGULATIONS, INCLUDING INPUT IA

NIST FRAMEWORK CONCEPTS
THE FRAMEWORK COMPLEMENTS, AND DOES NOT REPLACE, AN ORGANIZATION’S EXISTING BUSINESS OR CYBERSECURITY RISK MANAGEMENT PROCESS AND CYBERSECURITY PROGRAM. RATHER, THE ORGANIZATION CAN USE ITS CURRENT PROCESSES AND LEVERAGE THE FRAMEWORK TO IDENTIFY OPPORTUNITIES TO IMPROVE AN ORGANIZATION’S CYBERSECURITY RISK MANAGEMENT. ALTERNATIVELY, AN ORGANIZATION WITHOUT AN EXISTING CYBERSECURITY PROGRAM CAN USE THE FRAMEWORK AS A REFERENCE WHEN ESTABLISHING ONE.
KEY CONCEPTS
- FRAMEWORK CORE
- FRAMEWORK IMPLEMENTATION TIERS
- FRAMEWORK PROFILE

NIST FRAMEWORK CONCEPTS
CORE    | TIER              | PROFILE
FUNCTIONS             | 0 - PARTIAL       | ESTABLISH A ROADMAP
CATEGORIES            | 1 - RISK INFORMED |
SUBCATEGORIES         | 2 - REPEATABLE    |
INFORMATIVE REFERENCE | 3 - ADAPTIVE      |
Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, February 12, 2014

FRAMEWORK CORE
Function | Category | Subcategory | Informative References

NIST FRAMEWORK FUNCTIONS
IDENTIFY
- DEVELOP THE ORGANIZATIONAL UNDERSTANDING TO MANAGE CYBERSECURITY RISK TO SYSTEMS, ASSETS, DATA, AND CAPABILITIES.
- THE ACTIVITIES IN THE IDENTIFY FUNCTION ARE FOUNDATIONAL FOR EFFECTIVE USE OF THE FRAMEWORK. UNDERSTANDING THE BUSINESS CONTEXT, THE RESOURCES THAT SUPPORT CRITICAL FUNCTIONS, AND THE RELATED CYBERSECURITY RISKS ENABLES AN ORGANIZATION TO FOCUS AND PRIORITIZE ITS EFFORTS, CONSISTENT WITH ITS RISK MANAGEMENT STRATEGY AND BUSINESS NEEDS. EXAMPLES OF OUTCOME CATEGORIES WITHIN THIS FUNCTION INCLUDE: ASSET MANAGEMENT; BUSINESS ENVIRONMENT; GOVERNANCE; RISK ASSESSMENT; AND RISK MANAGEMENT STRATEGY.

NIST FRAMEWORK CYBERSECURITY CONTROLS
IDENTIFY
PLANT REFERENCE               | CYBER CONTROL
POLICIES                      | POLICIES
ROLES & RESPONSIBILITIES      | ROLES & RESPONSIBILITIES
RISK ASSESSMENT               | VULNERABILITY ASSESSMENT
EQUIPMENT LIST                | ASSET / APPLICATION LIST
AREA / PROCESS CLASSIFICATION | ASSET / APPLICATION CLASSIFICATION
P&ID’S                        | NETWORK DIAGRAMS

NIST FRAMEWORK FUNCTIONS
PROTECT
- DEVELOP AND IMPLEMENT THE APPROPRIATE SAFEGUARDS TO ENSURE DELIVERY OF CRITICAL INFRASTRUCTURE SERVICES.
- THE PROTECT FUNCTION SUPPORTS THE ABILITY TO LIMIT OR CONTAIN THE IMPACT OF A POTENTIAL CYBERSECURITY EVENT. EXAMPLES OF OUTCOME CATEGORIES WITHIN THIS FUNCTION INCLUDE: ACCESS CONTROL; AWARENESS AND TRAINING; DATA SECURITY; INFORMATION PROTECTION PROCESSES AND PROCEDURES; MAINTENANCE; AND PROTECTIVE TECHNOLOGY.

NIST FRAMEWORK CYBERSECURITY CONTROLS
PROTECT
PLANT REFERENCE        | CYBER CONTROL
TRAINING               | TRAINING
BACKGROUND CHECKS      | ANTI-VIRUS & PATCHING
GUARDS                 | FIREWALLS
CARD KEYS / BADGES     | CARD KEYS / BADGES
ESCORTED ACCESS        | ESCORTED ACCESS
KEYED LOCKS / LOTO     | LOGICAL ACCESS CONTROL
LEAST PRIVILEGE ACCESS | LEAST PRIVILEGE ACCESS
PROCEDURES             | PROCEDURES
JOB SAFETY ASSESSMENT  | CONFIGURATION CHANGE MANAGEMENT

NIST FRAMEWORK FUNCTIONS
DETECT
- DEVELOP AND IMPLEMENT THE APPROPRIATE ACTIVITIES TO IDENTIFY THE OCCURRENCE OF A CYBERSECURITY EVENT.
- THE DETECT FUNCTION ENABLES TIMELY DISCOVERY OF CYBERSECURITY EVENTS. EXAMPLES OF OUTCOME CATEGORIES WITHIN THIS FUNCTION INCLUDE: ANOMALIES AND EVENTS; SECURITY CONTINUOUS MONITORING; AND DETECTION PROCESSES.

NIST FRAMEWORK CYBERSECURITY CONTROLS
DETECT
PLANT REFERENCE                     | CYBER CONTROL
LOGS / OPERATOR ROUNDS              | LOGS, SECURITY INFORMATION & EVENT MONITOR (SIEM)
CAMERA / MOTION DETECT              | INTRUSION DETECTION
ANALYZERS                           | NETWORK PERFORMANCE MONITORING
ALARMS / ALERTS                     | ALARMS / ALERTS
UNAUTHORIZED PERSONNEL INTERVENTION | ROGUE DEVICE DETECTION

NIST FRAMEWORK FUNCTIONS
RESPOND
- DEVELOP AND IMPLEMENT THE APPROPRIATE ACTIVITIES TO TAKE ACTION REGARDING A DETECTED CYBERSECURITY EVENT.
- THE RESPOND FUNCTION SUPPORTS THE ABILITY TO CONTAIN THE IMPACT OF A POTENTIAL CYBERSECURITY EVENT. EXAMPLES OF OUTCOME CATEGORIES WITHIN THIS FUNCTION INCLUDE: RESPONSE PLANNING; COMMUNICATIONS; ANALYSIS; MITIGATION; AND IMPROVEMENTS.

NIST FRAMEWORK CYBERSECURITY CONTROLS
RESPOND
PLANT REFERENCE                 | CYBER CONTROL
EMERGENCY RESPONSE PLANNING     | EMERGENCY RESPONSE PLANNING
EXECUTE EMERGENCY RESPONSE PLAN | EXECUTE EMERGENCY RESPONSE PLAN
NOTIFY AUTHORITIES              | NOTIFY AUTHORITIES
ISOLATE & PRESERVE              | ISOLATE & PRESERVE
INITIATE RECOVERY               | INITIATE RECOVERY
UPDATE RESPONSE PLAN            | UPDATE RESPONSE PLAN

NIST FRAMEWORK FUNCTIONS
RECOVER
- DEVELOP AND IMPLEMENT THE APPROPRIATE ACTIVITIES TO MAINTAIN PLANS FOR RESILIENCE AND TO RESTORE ANY CAPABILITIES OR SERVICES THAT WERE IMPAIRED DUE TO A CYBERSECURITY EVENT.
- THE RECOVER FUNCTION SUPPORTS TIMELY RECOVERY TO NORMAL OPERATIONS TO REDUCE THE IMPACT FROM A CYBERSECURITY EVENT. EXAMPLES OF OUTCOME CATEGORIES WITHIN THIS FUNCTION INCLUDE: RECOVERY PLANNING; IMPROVEMENTS; AND COMMUNICATIONS.

NIST FRAMEWORK CYBERSECURITY CONTROLS
RECOVER
PLANT REFERENCE        | CYBER CONTROL
BYPASS                 | ALTERNATE CONTROLS
IMPLEMENT SPARE        | IMPLEMENT SPARE
REPAIR/REBUILD/REPLACE | REPAIR/REBUILD/REPLACE
RESET                  | RESET

GET HELP
- REGULATORY BODY
- RESEARCHERS
- VENDORS
- CONSULTANTS

American Water Works Association
National Institute of Standards and Technology (NIST), Computer Security Division: www.nist.gov/itl/csd/
United States Computer Emergency Readiness Team (US-CERT): www.us-cert.gov
Critical Infrastructure & Security Practice: schneider-electric.com
