Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework
"The National Institute of Standards and Technology (NIST), located in Gaithersburg, MD, is a U.S. Department of Commerce division. It is assigned the job of promoting innovation and industrial competitiveness. It is a research organization filled with some of the world's leading scientist...
| Field | Value |
|---|---|
| Other authors: | |
| Format: | Electronic book |
| Language: | English |
| Published: | Hoboken, New Jersey : John Wiley & Sons, Inc [2022] |
| Subjects: | |
| View at Universitat Ramon Llull Library: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009645684006719 |

Table of Contents:
- Intro
- Title page
- Copyright
- Dedication
- Academic Foreword
- Acknowledgments
- Preface - Overview of the NIST Framework
- Background on the Framework
- Framework Based on Risk Management
- The Framework Core
- Framework Implementation Tiers
- Framework Profile
- Other Aspects of the Framework Document
- Recent Developments at NIST
- CHAPTER 1 Cybersecurity Risk Planning and Management
- Introduction
- I. What Is Cybersecurity Risk Management?
- A. Risk Management Is a Process
- II. Asset Management
- A. Inventory Every Physical Device and System You Have and Keep the Inventory Updated
- B. Inventory Every Software Platform and Application You Use and Keep the Inventory Updated
- C. Prioritize Every Device, Software Platform, and Application Based on Importance
- D. Establish Personnel Security Requirements Including Third-Party Stakeholders
- III. Governance
- A. Make Sure You Educate Management about Risks
- IV. Risk Assessment and Management
- A. Know Where You're Vulnerable
- B. Identify the Threats You Face, Both Internally and Externally
- C. Focus on the Vulnerabilities and Threats That Are Most Likely AND Pose the Highest Risk to Assets
- D. Develop Plans for Dealing with the Highest Risks
- Summary
- Chapter Quiz
- Essential Reading on Cybersecurity Risk Management
- CHAPTER 2 User and Network Infrastructure Planning and Management
- I. Introduction
- II. Infrastructure Planning and Management Is All about Protection, Where the Rubber Meets the Road
- A. Identity Management, Authentication, and Access Control
- 1. Always Be Aware of Who Has Access to Which System, for Which Period of Time, and from Where the Access Is Granted
- 2. Establish, Maintain, and Audit an Active Control List and Process for Who Can Physically Gain Access to Systems
- 3. Establish Policies, Procedures, and Controls for Who Has Remote Access to Systems
- 4. Make Sure That Users Have the Least Authority Possible to Perform Their Jobs and Ensure That at Least Two Individuals Are Responsible for a Task
- 5. Implement Network Security Controls on All Internal Communications, Denying Communications among Various Segments Where Necessary
- A Word about Firewalls
- 6. Associate Activities with a Real Person or a Single Specific Entity
- 7. Use Single- or Multi-Factor Authentication Based on the Risk Involved in the Interaction
- III. Awareness and Training
- A. Make Sure That Privileged Users and Security Personnel Understand Their Roles and Responsibilities
- IV. Data Security
- A. Protect the Integrity of Active and Archived Databases
- B. Protect the Confidentiality and Integrity of Corporate Data Once It Leaves Internal Networks
- C. Assure That Information Can Only Be Accessed by Those Authorized to Do So and Protect Hardware and Storage Media
- D. Keep Your Development and Testing Environments Separate from Your Production Environment
- E. Implement Checking Mechanisms to Verify Hardware Integrity
- V. Information Protection Processes and Procedures
- A. Create a Baseline of IT and OT Systems
- B. Manage System Configuration Changes in a Careful, Methodical Way
- A Word about Patch Management
- C. Perform Frequent Backups and Test Your Backup Systems Often
- D. Create a Plan That Focuses on Ensuring That Assets and Personnel Will Be Able to Continue to Function in the Event of a Crippling Attack or Disaster
- VI. Maintenance
- A. Perform Maintenance and Repair of Assets and Log Activities Promptly
- B. Develop Criteria for Authorizing, Monitoring, and Controlling All Maintenance and Diagnostic Activities for Third Parties
- VII. Protective Technology
- A. Restrict the Use of Certain Types of Media On Your Systems
- B. Wherever Possible, Limit Functionality to a Single Function Per Device (Least Functionality)
- C. Implement Mechanisms to Achieve Resilience on Shared Infrastructure
- Summary
- Chapter Quiz
- Essential Reading on Network Management
- CHAPTER 3 Tools and Techniques for Detecting Cyber Incidents
- Introduction
- What Is an Incident?
- I. Detect
- A. Anomalies and Events
- 1. Establish Baseline Data for Normal, Regular Traffic Activity and Standard Configuration for Network Devices
- 2. Monitor Systems with Intrusion Detection Systems and Establish a Way of Sending and Receiving Notifications of Detected Events
- Establish a Means of Verifying, Assessing, and Tracking the Source of Anomalies
- A Word about Antivirus Software
- 3. Deploy One or More Centralized Log File Monitors and Configure Logging Devices throughout the Organization to Send Data Back to the Centralized Log Monitor
- 4. Determine the Impact of Events Both Before and After They Occur
- 5. Develop a Threshold for How Many Times an Event Can Occur Before You Take Action
- B. Continuous Monitoring
- 1. Develop Strategies for Detecting Breaches as Soon as Possible, Emphasizing Continuous Surveillance of Systems through Network Monitoring
- 2. Ensure That Appropriate Access to the Physical Environment Is Monitored, Most Likely through Electronic Monitoring or Alarm Systems
- 3. Monitor Employee Behavior in Terms of Both Physical and Electronic Access to Detect Unauthorized Access
- 4. Develop a System for Ensuring That Software Is Free of Malicious Code through Software Code Inspection and Vulnerability Assessments
- 5. Monitor Mobile Code Applications (e.g., Java Applets) for Malicious Activity by Authenticating the Codes' Origins, Verifying Their Integrity, and Limiting the Actions They Can Perform
- 6. Evaluate a Provider's Internal and External Controls' Adequacy and Ensure They Develop and Adhere to Appropriate Policies, Procedures, and Standards
- Consider the Results of Internal and External Audits
- 7. Monitor Employee Activity for Security Purposes and Assess When Unauthorized Access Occurs
- 8. Use Vulnerability Scanning Tools to Find Your Organization's Weaknesses
- C. Detection Processes
- 1. Establish a Clear Delineation between Network and Security Detection, with the Networking Group and the Security Group Having Distinct and Different Responsibilities
- 2. Create a Formal Detection Oversight and Control Management Function
- Define Leadership for a Security Review, Operational Roles, and a Formal Organizational Plan
- Train Reviewers to Perform Their Duties Correctly and Implement the Review Process
- 3. Test Detection Processes Either Manually or in an Automated Fashion in Conformance with the Organization's Risk Assessment
- 4. Inform Relevant Personnel Who Must Use Data or Network Security Information about What Is Happening and Otherwise Facilitate Organizational Communication
- 5. Document the Process for Event Detection to Improve the Organization's Detection Systems
- Summary
- Chapter Quiz
- Essential Reading for Tools and Techniques for Detecting a Cyberattack
- CHAPTER 4 Developing a Continuity of Operations Plan
- Introduction
- A. One Size Does Not Fit All
- I. Response
- A. Develop an Executable Response Plan
- B. Understand the Importance of Communications in Incident Response
- C. Prepare for Corporate-Wide Involvement During Some Cybersecurity Attacks
- II. Analysis
- A. Examine Your Intrusion Detection System in Analyzing an Incident
- B. Understand the Impact of the Event
- C. Gather and Preserve Evidence
- D. Prioritize the Treatment of the Incident Consistent with Your Response Plan
- E. Establish Processes for Handling Vulnerability Disclosures
- III. Mitigation
- A. Take Steps to Contain the Incident
- B. Decrease the Threat Level by Eliminating or Intercepting the Adversary as Soon as the Incident Occurs
- C. Mitigate Vulnerabilities or Designate Them as Accepted Risk
- IV. Recover
- A. Recovery Plan Is Executed During or After a Cybersecurity Incident
- B. Update Recovery Procedures Based on New Information as Recovery Gets Underway
- C. Develop Relationships with Media to Accurately Disseminate Information and Engage in Reputational Damage Limitation
- Summary
- Chapter Quiz
- Essential Reading for Developing a Continuity of Operations Plan
- CHAPTER 5 Supply Chain Risk Management
- Introduction
- I. NIST Special Publication 800-161
- II. Software Bill of Materials
- III. NIST Revised Framework Incorporates Major Supply Chain Category
- A. Identify, Establish, and Assess Cyber Supply Chain Risk Management Processes and Gain Stakeholder Agreement
- B. Identify, Prioritize, and Assess Suppliers and Third-Party Partners of Suppliers
- C. Develop Contracts with Suppliers and Third-Party Partners to Address Your Organization's Supply Chain Risk Management Goals
- D. Routinely Assess Suppliers and Third-Party Partners Using Audits, Test Results, and Other Forms of Evaluation
- E. Test to Make Sure Your Suppliers and Third-Party Providers Can Respond to and Recover from Service Disruption
- Summary
- Chapter Quiz
- Essential Reading for Supply Chain Risk Management
- CHAPTER 6 Manufacturing and Industrial Control Systems Security
- Essential Reading on Manufacturing and Industrial Control Security
- Appendix A: Helpful Advice for Small Organizations Seeking to Implement Some of the Book's Recommendations
- Appendix B: Critical Security Controls Version 8.0 Mapped to NIST CSF v1.1
- Answers to Chapter Quizzes