Cybersecurity risk management : mastering the fundamentals using the NIST cybersecurity framework /

"The National Institute of Standards and Technology (NIST), located in Gaithersburg, MD, is a U.S. Department of Commerce division. It is assigned the job of promoting innovation and industrial competitiveness. It is a research organization filled with some of the world's leading scientist...

Descripción completa

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autores principales: Brumfield, Cynthia (Autor), Haugli, Brian (Autor)
Formato: Electrónico eBook
Idioma:Inglés
Publicado: Hoboken, NJ : John Wiley & Sons, Inc., 2022.
Temas:
Computer security > Risk management.
Sécurité informatique > Gestion du risque.
Electronic books.
Acceso en línea:Texto completo (Requiere registro previo con correo institucional)
Tabla de Contenidos:
  • Academic Foreword xiii
  • Acknowledgments xv
  • Preface – Overview of the NIST Framework xvii
  • Background on the Framework xviii
  • Framework Based on Risk Management xix
  • The Framework Core xix
  • Framework Implementation Tiers xxi
  • Framework Profile xxii
  • Other Aspects of the Framework Document xxiii
  • Recent Developments At Nist xxiii
  • Chapter 1 Cybersecurity Risk Planning and Management 1
  • Introduction 2
  • I. What Is Cybersecurity Risk Management? 2
  • A. Risk Management Is a Process 3
  • II. Asset Management 4
  • A. Inventory Every Physical Device and System You Have and Keep the Inventory Updated 5
  • B. Inventory Every Software Platform and Application You Use and Keep the Inventory Updated 9
  • C. Prioritize Every Device, Software Platform, and Application Based on Importance 10
  • D. Establish Personnel Security Requirements Including Third-Party Stakeholders 11
  • III. Governance 13
  • A. Make Sure You Educate Management about Risks 13
  • IV. Risk Assessment and Management 15
  • A. Know Where You’re Vulnerable 15
  • B. Identify the Threats You Face, Both Internally and Externally 16
  • C. Focus on the Vulnerabilities and Threats That Are Most Likely AND Pose the Highest Risk to Assets 17
  • D. Develop Plans for Dealing with the Highest Risks 18
  • Summary 20
  • Chapter Quiz 20
  • Essential Reading on Cybersecurity Risk Management 22
  • Chapter 2 User and Network Infrastructure Planning and Management 23
  • I. Introduction 24
  • II. Infrastructure Planning and Management Is All about Protection, Where the Rubber Meets the Road 24
  • A. Identity Management, Authentication, and Access Control 25
  • 1. Always Be Aware of Who Has Access to Which System, for Which Period of Time, and from Where the Access Is Granted 27
  • 2. Establish, Maintain, and Audit an Active Control List and Process for Who Can Physically Gain Access to Systems 28
  • 3. Establish Policies, Procedures, and Controls for Who Has Remote Access to Systems 28
  • 4. Make Sure That Users Have the Least Authority Possible to Perform Their Jobs and Ensure That at Least Two Individuals Are Responsible for a Task 29
  • 5. Implement Network Security Controls on All Internal Communications, Denying Communications among Various Segments Where Necessary 31
  • A Word about Firewalls 31
  • 6. Associate Activities with a Real Person or a Single Specific Entity 32
  • 7. Use Single- or Multi-Factor Authentication Based on the Risk Involved in the Interaction 33
  • III. Awareness and Training 34
  • A. Make Sure That Privileged Users and Security Personnel Understand Their Roles and Responsibilities 35
  • IV. Data Security 35
  • A. Protect the Integrity of Active and Archived Databases 35
  • B. Protect the Confidentiality and Integrity of Corporate Data Once It Leaves Internal Networks 36
  • C. Assure That Information Can Only Be Accessed by Those Authorized to Do So and Protect Hardware and Storage Media 37
  • D. Keep Your Development and Testing Environments Separate from Your Production Environment 38
  • E. Implement Checking Mechanisms to Verify Hardware Integrity 39
  • V. Information Protection Processes and Procedures 39
  • A. Create a Baseline of IT and OT Systems 40
  • B. Manage System Configuration Changes in a Careful, Methodical Way 41
  • A Word about Patch Management 42
  • C. Perform Frequent Backups and Test Your Backup Systems Often 43
  • D. Create a Plan That Focuses on Ensuring That Assets and Personnel Will Be Able to Continue to Function in the Event of a Crippling Attack or Disaster 43
  • VI. Mainte nance 44
  • A. Perform Maintenance and Repair of Assets and Log Activities Promptly 45
  • B. Develop Criteria for Authorizing, Monitoring, and Controlling All Maintenance and Diagnostic Activities for Third Parties 45
  • VII. Protective Technology 46
  • A. Restrict the Use of Certain Types of Media On Your Systems 46
  • B. Wherever Possible, Limit Functionality to a Single Function Per Device (Least Functionality) 47
  • C. Implement Mechanisms to Achieve Resilience on Shared Infrastructure 48
  • Summary 49
  • Chapter Quiz 50
  • Essential Reading on Network Management 51
  • Chapter 3 Tools and Techniques for Detecting Cyber Incidents 53
  • Introduction 54
  • What Is an Incident? 55
  • I. Detect 56
  • A. Anomalies and Events 56
  • 1. Establish Baseline Data for Normal, Regular Traffic Activity and Standard Configuration for Network Devices 57
  • 2. Monitor Systems with Intrusion Detection Systems and Establish a Way of Sending and Receiving Notifications of Detected Events; Establish a Means of Verifying, Assessing, and Tracking the Source of Anomalies 58
  • A Word about Antivirus Software 60
  • 3. Deploy One or More Centralized Log File Monitors and Configure Logging Devices throughout the Organization to Send Data Back to the Centralized Log Monitor 61
  • 4. Determine the Impact of Events Both Before and After they Occur 61
  • 5. Develop a Threshold for How Many Times an Event Can Occur Before You Take Action 62
  • B. Continuous Monitoring 62
  • 1. Develop Strategies for Detecting Breaches as Soon as Possible, Emphasizing Continuous Surveillance of Systems through Network Monitoring 63
  • 2. Ensure That Appropriate Access to the Physical Environment Is Monitored, Most Likely through Electronic Monitoring or Alarm Systems 64
  • 3. Monitor Employee Behavior in Terms of Both Physical and Electronic Access to Detect Unauthorized Access 65
  • 4. Develop a System for Ensuring That Software Is Free of Malicious Code through Software Code Inspection and Vulnerability Assessments 65
  • 5. Monitor Mobile Code Applications (e.g., Java Applets) for Malicious Activity by Authenticating the Codes’ Origins, Verifying their Integrity, and Limiting the Actions they Can Perform 66
  • 6. Evaluate a Provider’s Internal and External Controls’ Adequacy and Ensure they Develop and Adhere to Appropriate Policies, Procedures, and Standards; Consider the Results of Internal and External Audits 66
  • 7. Monitor Employee Activity for Security Purposes and Assess When Unauthorized Access Occurs 67
  • 8. Use Vulnerability Scanning Tools to Find Your Organization’s Weaknesses 68
  • C. Detection Processes 68
  • 1. Establish a Clear Delineation between Network and Security Detection, with the Networking Group and the Security Group Having Distinct and Different Responsibilities 69
  • 2. Create a Formal Detection Oversight and Control Management Function; Define Leadership for a Security Review, Operational Roles, and a Formal Organizational Plan; Train Reviewers to Perform Their Duties Correctly and Implement the Review Process 70
  • 3. Test Detection Processes Either Manually or in an Automated Fashion in Conformance with the Organization’s Risk Assessment 71
  • 4. Inform Relevant Personnel Who Must Use Data or Network Security Information about What Is Happening and Otherwise Facilitate Organizational Communication 71
  • 5. Document the Process for Event Detection to Improve the Organization’s Detection Systems 72
  • Summary 72
  • Chapter Quiz 73
  • Essential Reading for Tools and Techniques for Detecting a Cyberattack 74
  • Chapter 4 Developing a Continuity of Operations Plan 75
  • Introduction 77
  • A. One Size Does Not Fit All 77
  • I. Response 77
  • A. Develop an Executable Response Plan 79
  • B. Understand the Importance of Communications in Incident Response 80
  • C. Prepare for Corporate-Wide Involvement During Some Cybersecurity Attacks 81
  • II. Analysis 82
  • A. Examine Your Intrusion Detection System in Analyzing an Incident 82
  • B. Understand the Impact of the Event 83
  • C. Gather and Preserve Evidence 84
  • D. Prioritize the Treatment of the Incident Consistent with Your Response Plan 84
  • E. Establish Processes for Handling Vulnerability Disclosures 85
  • III. Mitigation 86
  • A. Take Steps to Contain the Incident 86
  • B. Decrease the Threat Level by Eliminating or Intercepting the Adversary as Soon as the Incident Occurs 87
  • C. Mitigate Vulnerabilities or Designate Them as Accepted Risk 88
  • IV. Recover 88
  • A. Recovery Plan Is Executed During or After a Cybersecurity Incident 89
  • B. Update Recovery Procedures Based on New Information as Recovery Gets Underway 91
  • C.
  • Develop Relationships with Media to Accurately Disseminate Information and Engage in Reputational Damage Limitation 92
  • Summary 92
  • Chapter Quiz 93
  • Essential Reading for Developing a Continuity of Operations Plan 94
  • Chapter 5 Supply Chain Risk Management 95
  • Introduction 96
  • I. NIST Special Publication 800-161 96
  • II. Software Bill of Materials 97
  • III. NIST Revised Framework Incorporates Major Supply Chain Category 98
  • A. Identify, Establish, and Assess Cyber Supply Chain Risk Management Processes and Gain Stakeholder Agreement 98
  • B. Identify, Prioritize, and Assess Suppliers and Third-Party Partners of Suppliers 99
  • C. Develop Contracts with Suppliers and Third-Party Partners to Address Your Organization’s Supply Chain Risk Management Goals 100
  • D. Routinely Assess Suppliers and Third-Party Partners Using Audits, Test Results, and Other Forms of Evaluation 101
  • E. Test to Make Sure Your Suppliers and Third-Party Providers Can Respond to and Recover from Service Disruption 102
  • Summary 103
  • Chapter Quiz 103
  • Essential Reading for Supply Chain Risk Management 104
  • Chapter 6 Manufacturing and Industrial Control Systems Security 105
  • Essential Reading on Manufacturing and Industrial Control Security 110
  • Appendix A: Helpful Advice for Small Organizations
  • Seeking to Implement Some of the Book’s Recommendations 111
  • Appendix B: Critical Security Controls Version 8.0 Mapped to NIST CSF v1.1 113
  • Answers to Chapter Quizzes 121
  • Index 131.

Ejemplares similares