book

Cybersecurity Risk Management

by Cynthia Brumfield, Brian Haugli

December 2021

Intermediate to advanced

224 pages

4h 41m

English

Wiley

Read now

Unlock full access

Background on the FrameworkFramework Based on Risk ManagementThe Framework CoreFramework Implementation TiersFramework ProfileOther Aspects of the Framework DocumentRecent Developments At Nist
IntroductionI. What Is Cybersecurity Risk Management?A. Risk Management Is a ProcessII. Asset ManagementA. Inventory Every Physical Device and System You Have and Keep the Inventory UpdatedB. Inventory Every Software Platform and Application You Use and Keep the Inventory UpdatedC. Prioritize Every Device, Software Platform, and Application Based on Importance D. Establish Personnel Security Requirements Including Third-Party StakeholdersIII. GovernanceA. Make Sure You Educate Management about RisksIV. Risk Assessment and ManagementA. Know Where You’re Vulnerable B. Identify the Threats You Face, Both Internally and ExternallyC. Focus on the Vulnerabilities and Threats That Are Most Likely AND Pose the Highest Risk to AssetsD. Develop Plans for Dealing with the Highest RisksSummaryChapter QuizEssential Reading on Cybersecurity Risk Management
I. IntroductionII. Infrastructure Planning and Management Is All about Protection, Where the Rubber Meets the RoadA. Identity Management, Authentication, and Access Control1. Always Be Aware of Who Has Access to Which System, for Which Period of Time, and from Where the Access Is Granted2. Establish, Maintain, and Audit an Active Control List and Process for Who Can Physically Gain Access to Systems3. Establish Policies, Procedures, and Controls for Who Has Remote Access to Systems4. Make Sure That Users Have the Least Authority Possible to Perform Their Jobs and Ensure That at Least Two Individuals Are Responsible for a Task5. Implement Network Security Controls on All Internal Communications, Denying Communications among Various Segments Where NecessaryA Word about Firewalls6. Associate Activities with a Real Person or a Single Specific Entity7. Use Single– or Multi–Factor Authentication Based on the Risk Involved in the InteractionIII. Awareness and TrainingA. Make Sure That Privileged Users and Security Personnel Understand Their Roles and ResponsibilitiesIV. Data SecurityA. Protect the Integrity of Active and Archived DatabasesB. Protect the Confidentiality and Integrity of Corporate Data Once It Leaves Internal NetworksC. Assure That Information Can Only Be Accessed by Those Authorized to Do So and Protect Hardware and Storage MediaD. Keep Your Development and Testing Environments Separate from Your Production EnvironmentE. Implement Checking Mechanisms to Verify Hardware IntegrityV. Information Protection Processes and ProceduresA. Create a Baseline of IT and OT SystemsB. Manage System Configuration Changes in a Careful, Methodical WayA Word about Patch ManagementC. Perform Frequent Backups and Test Your Backup Systems OftenD. Create a Plan That Focuses on Ensuring That Assets and Personnel Will Be Able to Continue to Function in the Event of a Crippling Attack or DisasterVI. MaintenanceA. Perform Maintenance and Repair of Assets and Log Activities PromptlyB. Develop Criteria for Authorizing, Monitoring, and Controlling All Maintenance and Diagnostic Activities for Third PartiesVII. Protective TechnologyA. Restrict the Use of Certain Types of Media On Your SystemsB. Wherever Possible, Limit Functionality to a Single Function Per Device (Least Functionality)C. Implement Mechanisms to Achieve Resilience on Shared InfrastructureSummaryChapter QuizEssential Reading on Network Management
IntroductionWhat Is an Incident?I. DetectA. Anomalies and Events1. Establish Baseline Data for Normal, Regular Traffic Activity and Standard Configuration for Network Devices2. Monitor Systems with Intrusion Detection Systems and Establish a Way of Sending and Receiving Notifications of Detected Events; Establish a Means of Verifying, Assessing, and Tracking the Source of AnomaliesA Word about Antivirus Software3. Deploy One or More Centralized Log File Monitors and Configure Logging Devices throughout the Organization to Send Data Back to the Centralized Log Monitor4. Determine the Impact of Events Both Before and After they Occur5. Develop a Threshold for How Many Times an Event Can Occur Before You Take ActionB. Continuous Monitoring1. Develop Strategies for Detecting Breaches as Soon as Possible, Emphasizing Continuous Surveillance of Systems through Network Monitoring2. Ensure That Appropriate Access to the Physical Environment Is Monitored, Most Likely through Electronic Monitoring or Alarm Systems3. Monitor Employee Behavior in Terms of Both Physical and Electronic Access to Detect Unauthorized Access 4. Develop a System for Ensuring That Software Is Free of Malicious Code through Software Code Inspection and Vulnerability Assessments5. Monitor Mobile Code Applications (e.g., Java Applets) for Malicious Activity by Authenticating the Codes’ Origins, Verifying their Integrity, and Limiting the Actions they Can Perform6. Evaluate a Provider’ s Internal and External Controls’ Adequacy and Ensure they Develop and Adhere to Appropriate Policies, Procedures, and Standards; Consider the Results of Internal and External Audits7. Monitor Employee Activity for Security Purposes and Assess When Unauthorized Access Occurs8. Use Vulnerability Scanning Tools to Find Your Organization’ s WeaknessesC. Detection Processes1. Establish a Clear Delineation between Network and Security Detection, with the Networking Group and the Security Group Having Distinct and Different Responsibilities2. Create a Formal Detection Oversight and Control Management Function; Define Leadership for a Security Review, Operational Roles, and a Formal Organizational Plan; Train Reviewers to Perform Their Duties Correctly and Implement the Review Process3. Test Detection Processes Either Manually or in an Automated Fashion in Conformance with the Organization’ s Risk Assessment4. Inform Relevant Personnel Who Must Use Data or Network Security Information about What Is Happening and Otherwise Facilitate Organizational Communication5. Document the Process for Event Detection to Improve the Organization’ s Detection SystemsSummaryChapter QuizEssential Reading for Tools and Techniques for Detecting a Cyberattack

IntroductionA. One Size Does Not Fit AllI. ResponseA. Develop an Executable Response PlanB. Understand the Importance of Communications in Incident ResponseC. Prepare for Corporate–Wide Involvement During Some Cybersecurity AttacksII. AnalysisA. Examine Your Intrusion Detection System in Analyzing an IncidentB. Understand the Impact of the EventC. Gather and Preserve EvidenceD. Prioritize the Treatment of the Incident Consistent with Your Response PlanE. Establish Processes for Handling Vulnerability DisclosuresIII. MitigationA. Take Steps to Contain the IncidentB. Decrease the Threat Level by Eliminating or Intercepting the Adversary as Soon as the Incident OccursC. Mitigate Vulnerabilities or Designate Them as Accepted RiskIV. RecoverA. Recovery Plan Is Executed During or After a Cybersecurity IncidentB. Update Recovery Procedures Based on New Information as Recovery Gets UnderwayC. Develop Relationships with Media to Accurately Disseminate Information and Engage in Reputational Damage LimitationSummaryChapter QuizEssential Reading for Developing a Continuity of Operations Plan
IntroductionI. NIST Special Publication 800–161II. Software Bill of MaterialsIII. NIST Revised Framework Incorporates Major Supply Chain CategoryA. Identify, Establish, and Assess Cyber Supply Chain Risk Management Processes and Gain Stakeholder AgreementB. Identify, Prioritize, and Assess Suppliers and Third-Party Partners of SuppliersC. Develop Contracts with Suppliers and Third-Party Partners to Address Your Organization舗s Supply Chain Risk Management GoalsD. Routinely Assess Suppliers and Third-Party Partners Using Audits, Test Results, and Other Forms of EvaluationE. Test to Make Sure Your Suppliers and Third-Party Providers Can Respond to and Recover from Service DisruptionSummaryChapter QuizEssential Reading for Supply Chain Risk Management
Essential Reading on Manufacturing and Industrial Control Security