Add to collection(s) Add to saved
  1. Business
  2. Management
  3. Project Management

Improving Critical Infastructure Cybersecurity

advertisement 
Framework for Improving Critical
Infrastructure Cybersecurity
NIST Feb 2014
Lots of Cyber Security Controls Sets
(Now we have one more)
• HIPAA - Healthcare
• PCI - Credit Cards
• NIST 800-53 - US (.gov)
• PCI - Credit Industry
• ISO 27001 - International
• SAS 70/SSAE-Public Corp
• NERC-CIP - Infrastructure
• DIACAP - DoD (.mil)
• TSA - Transportation
• Cybersecurity Framework
(newest)
Framework’s Primary Functions
(A risk-based approach to managing cybersecurity risk)
The Framework Core consists of five concurrent and continuous
Functions:
• Identify
• Detect
• Protect
• Recover
• Respond
When considered together, these Functions provide a high-level,
strategic view of the lifecycle of an organization’s management
of cybersecurity risk.
Asset Management (ID.AM): The data, personnel, devices, systems, and facilities that enable the
organization to achieve business purposes are identified and managed consistent with their relative
importance to business objectives and the organization’s risk strategy.
Business Environment (ID.BE): The organization’s mission, objectives, stakeholders, and activities
are understood and prioritized; this information is used to inform cybersecurity roles,
responsibilities, and risk management decisions.
IDENTIFY
Governance (ID.GV): The policies, procedures, and processes to manage and monitor the
organization’s regulatory, legal, risk, environmental, and operational requirements are understood
and inform the management of cybersecurity risk.
Risk Assessment (ID.RA): The organization understands the cybersecurity risk to organizational
operations (including mission, functions, image, or reputation), organizational assets, and
individuals.B58
Risk Management Strategy (ID.RM): The organization’s priorities, constraints, risk tolerances, and
assumptions are established and used to support operational risk decisions.
Anomalies and Events (DE.AE): Anomalous activity is detected in a timely manner and the
potential impact of events is understood.
Detect
Security Continuous Monitoring (DE.CM): The information system and assets are monitored at
discrete intervals to identify cybersecurity events and verify the effectiveness of protective
measures.
Detection Processes (DE.DP): Detection processes and procedures are maintained and tested to
ensure timely and adequate awareness of anomalous events.
Access Control (PR.AC): Access to assets and associated facilities is B84limited to authorized users,
processes, or devices, and to authorized activities and transactions.
Awareness and Training (PR.AT): The organization’s personnel and partners are provided
cybersecurity awareness education and are adequately trained to perform their information
security-related duties and responsibilities consistent with related policies, procedures, and
agreements.
Protect
Data Security (PR.DS): Information and records (data) are managed consistent with the
organization’s risk strategy to protect the confidentiality, integrity, and availability of information.
Information Protection Processes and Procedures (PR.IP): Security policies (that address purpose,
scope, roles, responsibilities, management commitment, and coordination among organizational
entities), processes, and procedures are maintained and used to manage protection of information
systems and assets.
Maintenance (PR.MA): Maintenance and repairs of industrial control and information system
components is performed consistent with policies and procedures.
Protective Technology (PR.PT): Technical security solutions are managed to ensure the security
and resilience of systems and assets, consistent with related policies, procedures, and agreements.
Response Planning (RS.RP): Response processes and procedures are executed and maintained, to
ensure timely response to detected cybersecurity events.
Communications (RS.CO): Response activities are coordinated with internal and external
stakeholders, as appropriate, to include external support from law enforcement agencies.
Respond
Analysis (RS.AN): Analysis is conducted to ensure adequate response and support recovery
activities.
Mitigation (RS.MI): Activities are performed to prevent expansion of an event, mitigate its
effects, and eradicate the incident.
Improvements (RS.IM): Organizational response activities are improved by incorporating lessons
learned from current and previous detection/response activities.
Recovery Planning (RC.RP): Recovery processes and procedures are executed and maintained to
ensure timely restoration of systems or assets affected by cybersecurity events.
Improvements (RC.IM): Recovery planning and processes are improved by incorporating lessons
learned into future activities.
Recover
Communications (RC.CO): Restoration activities are coordinated with internal and external
parties, such as coordinating centers, Internet Service Providers, owners of attacking systems,
victims, other CSIRTs, and vendors.
References
• http://www.whitehouse.gov/the-pressoffice/2013/02/12/executive-order-improving-criticalinfrastructure-cybersecurity
• http://www.nist.gov/cyberframework/index.cfm
• http://ics-cert.us-cert.gov/Assessments
Related documents
Read Key Cybersecurity`s full description of
Read Key Cybersecurity`s full description of
Fact Sheet on U.S.-India Strengthening Cooperation On Cybersecurity
Fact Sheet on U.S.-India Strengthening Cooperation On Cybersecurity
BroadBand Building Future Skills for National Security and Business
BroadBand Building Future Skills for National Security and Business
ARS Results
ARS Results
NIST Framework PowerPoint presentation
NIST Framework PowerPoint presentation
Last strategic plan was five years old and never formally adopted by
Last strategic plan was five years old and never formally adopted by
Steven M. Bellovin
Steven M. Bellovin
Foreign Policy was the Hottest Topic at Fox News's First GOP Debate
Foreign Policy was the Hottest Topic at Fox News's First GOP Debate
National Security Key Issues Deck
National Security Key Issues Deck
Word
Word
The Political Economy of Cybersecurity
The Political Economy of Cybersecurity
Final Reflection Essay–Qi Zhu
Final Reflection Essay–Qi Zhu
Expert Meeting on CYBERLAWS AND REGULATIONS FOR ENHANCING E-COMMERCE:
Expert Meeting on CYBERLAWS AND REGULATIONS FOR ENHANCING E-COMMERCE:
Abstract Submission TENTH ANNUAL CARNEGIE MELLON CONFERENCE ON THE ELECTRICITY INDUSTRY Title: Authors:
Abstract Submission TENTH ANNUAL CARNEGIE MELLON CONFERENCE ON THE ELECTRICITY INDUSTRY Title: Authors:
Technology Readiness Level
Technology Readiness Level
Susan Kohn Ross, Esq. Mitchell Silberberg & Knupp LLP
Susan Kohn Ross, Esq. Mitchell Silberberg & Knupp LLP
Cybersecurity Strategy Brief to ITC
Cybersecurity Strategy Brief to ITC
Cybersecurity Workforce Training and Development
Cybersecurity Workforce Training and Development
Chap 9
Chap 9
Cybersecurity Diagnosis in Industrial Environments QA
Cybersecurity Diagnosis in Industrial Environments QA
Cybersecurity Challenges and Opportunities
Cybersecurity Challenges and Opportunities
NLC Congressional City Conference
NLC Congressional City Conference
Download
advertisement