| Description |
1 online resource : color illustrations |
| Bibliography |
Includes bibliographical references and index. |
| Summary |
"The National Institute of Standards and Technology (NIST), located in Gaithersburg, MD, is a U.S. Department of Commerce division. It is assigned the job of promoting innovation and industrial competitiveness. It is a research organization filled with some of the world's leading scientists and has produced many Nobel prize winners. NIST has a wide-ranging mandate: develop federal patents, oversee over 1,300 Standard Reference Materials, run a scientific laboratory in Boulder, CO, and pursue innovation in encryption technologies, among other significant efforts. NIST is primarily a scientific and engineering organization, and as such, produces patents, technical breakthroughs, documentation, and recommendations through extensive consultation with experts in various areas. This scientific consensus approach often has impressive results that can be difficult for non-specialists to understand or apply. The NIST Cybersecurity Framework resulted from an intensive one-year effort to synthesize cybersecurity experts' best thinking into a single "framework of frameworks" that can assure superior risk management. It's well-understood in the cybersecurity field that risks are constant and that the best approach to organizational cybersecurity is to manage those risks because no one can eliminate them. The NIST Framework attempts to incorporate all the best various risk management and remediation practices into one coherent whole, an ambitious goal in the complex cybersecurity field. It is a multi-layered, spoke-and-wheel collection of ideas grouped along logical lines. The Framework is conceptual and not technical, making it difficult for many organizations to apply in the real world. It doesn't help that NIST specifically avoided any technical recommendations when developing the Framework. NIST instead chose to map its recommendations to a host of standards designed in-house and at other standards-setting bodies"-- Provided by publisher. |
| Contents |
Academic Foreword xiii -- Acknowledgments xv -- Preface - Overview of the NIST Framework xvii -- Background on the Framework xviii -- Framework Based on Risk Management xix -- The Framework Core xix -- Framework Implementation Tiers xxi -- Framework Profile xxii -- Other Aspects of the Framework Document xxiii -- Recent Developments At Nist xxiii -- Chapter 1 Cybersecurity Risk Planning and Management 1 -- Introduction 2 -- I. What Is Cybersecurity Risk Management? 2 -- A. Risk Management Is a Process 3 -- II. Asset Management 4 -- A. Inventory Every Physical Device and System You Have and Keep the Inventory Updated 5 -- B. Inventory Every Software Platform and Application You Use and Keep the Inventory Updated 9 -- C. Prioritize Every Device, Software Platform, and Application Based on Importance 10 -- D. Establish Personnel Security Requirements Including Third-Party Stakeholders 11 -- III. Governance 13 -- A. Make Sure You Educate Management about Risks 13 -- IV. Risk Assessment and Management 15 -- A. Know Where You're Vulnerable 15 -- B. Identify the Threats You Face, Both Internally and Externally 16 -- C. Focus on the Vulnerabilities and Threats That Are Most Likely AND Pose the Highest Risk to Assets 17 -- D. Develop Plans for Dealing with the Highest Risks 18 -- Summary 20 -- Chapter Quiz 20 -- Essential Reading on Cybersecurity Risk Management 22 -- Chapter 2 User and Network Infrastructure Planning and Management 23 -- I. Introduction 24 -- II. Infrastructure Planning and Management Is All about Protection, Where the Rubber Meets the Road 24 -- A. Identity Management, Authentication, and Access Control 25 -- 1. Always Be Aware of Who Has Access to Which System, for Which Period of Time, and from Where the Access Is Granted 27 -- 2. Establish, Maintain, and Audit an Active Control List and Process for Who Can Physically Gain Access to Systems 28 -- 3. Establish Policies, Procedures, and Controls for Who Has Remote Access to Systems 28 -- 4. Make Sure That Users Have the Least Authority Possible to Perform Their Jobs and Ensure That at Least Two Individuals Are Responsible for a Task 29 -- 5. Implement Network Security Controls on All Internal Communications, Denying Communications among Various Segments Where Necessary 31 -- A Word about Firewalls 31 -- 6. Associate Activities with a Real Person or a Single Specific Entity 32 -- 7. Use Single- or Multi-Factor Authentication Based on the Risk Involved in the Interaction 33 -- III. Awareness and Training 34 -- A. Make Sure That Privileged Users and Security Personnel Understand Their Roles and Responsibilities 35 -- IV. Data Security 35 -- A. Protect the Integrity of Active and Archived Databases 35 -- B. Protect the Confidentiality and Integrity of Corporate Data Once It Leaves Internal Networks 36 -- C. Assure That Information Can Only Be Accessed by Those Authorized to Do So and Protect Hardware and Storage Media 37 -- D. Keep Your Development and Testing Environments Separate from Your Production Environment 38 -- E. Implement Checking Mechanisms to Verify Hardware Integrity 39 -- V. Information Protection Processes and Procedures 39 -- A. Create a Baseline of IT and OT Systems 40 -- B. Manage System Configuration Changes in a Careful, Methodical Way 41 -- A Word about Patch Management 42 -- C. Perform Frequent Backups and Test Your Backup Systems Often 43 -- D. Create a Plan That Focuses on Ensuring That Assets and Personnel Will Be Able to Continue to Function in the Event of a Crippling Attack or Disaster 43 -- VI. Mainte nance 44 -- A. Perform Maintenance and Repair of Assets and Log Activities Promptly 45 -- B. Develop Criteria for Authorizing, Monitoring, and Controlling All Maintenance and Diagnostic Activities for Third Parties 45 -- VII. Protective Technology 46 -- A. Restrict the Use of Certain Types of Media On Your Systems 46 -- B. Wherever Possible, Limit Functionality to a Single Function Per Device (Least Functionality) 47 -- C. Implement Mechanisms to Achieve Resilience on Shared Infrastructure 48 -- Summary 49 -- Chapter Quiz 50 -- Essential Reading on Network Management 51 -- Chapter 3 Tools and Techniques for Detecting Cyber Incidents 53 -- Introduction 54 -- What Is an Incident? 55 -- I. Detect 56 -- A. Anomalies and Events 56 -- 1. Establish Baseline Data for Normal, Regular Traffic Activity and Standard Configuration for Network Devices 57 -- 2. Monitor Systems with Intrusion Detection Systems and Establish a Way of Sending and Receiving Notifications of Detected Events; Establish a Means of Verifying, Assessing, and Tracking the Source of Anomalies 58 -- A Word about Antivirus Software 60 -- 3. Deploy One or More Centralized Log File Monitors and Configure Logging Devices throughout the Organization to Send Data Back to the Centralized Log Monitor 61 -- 4. Determine the Impact of Events Both Before and After they Occur 61 -- 5. Develop a Threshold for How Many Times an Event Can Occur Before You Take Action 62 -- B. Continuous Monitoring 62 -- 1. Develop Strategies for Detecting Breaches as Soon as Possible, Emphasizing Continuous Surveillance of Systems through Network Monitoring 63 -- 2. Ensure That Appropriate Access to the Physical Environment Is Monitored, Most Likely through Electronic Monitoring or Alarm Systems 64 -- 3. Monitor Employee Behavior in Terms of Both Physical and Electronic Access to Detect Unauthorized Access 65 -- 4. Develop a System for Ensuring That Software Is Free of Malicious Code through Software Code Inspection and Vulnerability Assessments 65 -- 5. Monitor Mobile Code Applications (e.g., Java Applets) for Malicious Activity by Authenticating the Codes' Origins, Verifying their Integrity, and Limiting the Actions they Can Perform 66 -- 6. Evaluate a Provider's Internal and External Controls' Adequacy and Ensure they Develop and Adhere to Appropriate Policies, Procedures, and Standards; Consider the Results of Internal and External Audits 66 -- 7. Monitor Employee Activity for Security Purposes and Assess When Unauthorized Access Occurs 67 -- 8. Use Vulnerability Scanning Tools to Find Your Organization's Weaknesses 68 -- C. Detection Processes 68 -- 1. Establish a Clear Delineation between Network and Security Detection, with the Networking Group and the Security Group Having Distinct and Different Responsibilities 69 -- 2. Create a Formal Detection Oversight and Control Management Function; Define Leadership for a Security Review, Operational Roles, and a Formal Organizational Plan; Train Reviewers to Perform Their Duties Correctly and Implement the Review Process 70 -- 3. Test Detection Processes Either Manually or in an Automated Fashion in Conformance with the Organization's Risk Assessment 71 -- 4. Inform Relevant Personnel Who Must Use Data or Network Security Information about What Is Happening and Otherwise Facilitate Organizational Communication 71 -- 5. Document the Process for Event Detection to Improve the Organization's Detection Systems 72 -- Summary 72 -- Chapter Quiz 73 -- Essential Reading for Tools and Techniques for Detecting a Cyberattack 74 -- Chapter 4 Developing a Continuity of Operations Plan 75 -- Introduction 77 -- A. One Size Does Not Fit All 77 -- I. Response 77 -- A. Develop an Executable Response Plan 79 -- B. Understand the Importance of Communications in Incident Response 80 -- C. Prepare for Corporate-Wide Involvement During Some Cybersecurity Attacks 81 -- II. Analysis 82 -- A. Examine Your Intrusion Detection System in Analyzing an Incident 82 -- B. Understand the Impact of the Event 83 -- C. Gather and Preserve Evidence 84 -- D. Prioritize the Treatment of the Incident Consistent with Your Response Plan 84 -- E. Establish Processes for Handling Vulnerability Disclosures 85 -- III. Mitigation 86 -- A. Take Steps to Contain the Incident 86 -- B. Decrease the Threat Level by Eliminating or Intercepting the Adversary as Soon as the Incident Occurs 87 -- C. Mitigate Vulnerabilities or Designate Them as Accepted Risk 88 -- IV. Recover 88 -- A. Recovery Plan Is Executed During or After a Cybersecurity Incident 89 -- B. Update Recovery Procedures Based on New Information as Recovery Gets Underway 91 -- C. |
|
Develop Relationships with Media to Accurately Disseminate Information and Engage in Reputational Damage Limitation 92 -- Summary 92 -- Chapter Quiz 93 -- Essential Reading for Developing a Continuity of Operations Plan 94 -- Chapter 5 Supply Chain Risk Management 95 -- Introduction 96 -- I. NIST Special Publication 800-161 96 -- II. Software Bill of Materials 97 -- III. NIST Revised Framework Incorporates Major Supply Chain Category 98 -- A. Identify, Establish, and Assess Cyber Supply Chain Risk Management Processes and Gain Stakeholder Agreement 98 -- B. Identify, Prioritize, and Assess Suppliers and Third-Party Partners of Suppliers 99 -- C. Develop Contracts with Suppliers and Third-Party Partners to Address Your Organization's Supply Chain Risk Management Goals 100 -- D. Routinely Assess Suppliers and Third-Party Partners Using Audits, Test Results, and Other Forms of Evaluation 101 -- E. Test to Make Sure Your Suppliers and Third-Party Providers Can Respond to and Recover from Service Disruption 102 -- Summary 103 -- Chapter Quiz 103 -- Essential Reading for Supply Chain Risk Management 104 -- Chapter 6 Manufacturing and Industrial Control Systems Security 105 -- Essential Reading on Manufacturing and Industrial Control Security 110 -- Appendix A: Helpful Advice for Small Organizations -- Seeking to Implement Some of the Book's Recommendations 111 -- Appendix B: Critical Security Controls Version 8.0 Mapped to NIST CSF v1.1 113 -- Answers to Chapter Quizzes 121 -- Index 131. |
| Subject |
Computer security -- Risk management.
|
|
Sécurité informatique -- Gestion du risque. |
| Added Author |
Haugli, Brian, author.
|
|
John Wiley & Sons, publisher.
|
| Other Form: |
Print version: Brumfield, Cynthia. Cybersecurity risk management Hoboken, NJ : John Wiley & Sons, Inc., 2022 9781119816287 (DLC) 2021024435 |
| ISBN |
9781119816348 electronic book |
|
1119816343 electronic book |
|
9781119816294 electronic book |
|
1119816297 electronic book |
|
1119816300 electronic book |
|
9781119816300 (electronic bk.) |
|
hardcover |
| Standard No. |
10.1002/9781119816348 doi |
|
More Resources