Cybersecurity Risk Management

Table of contents

1. Cover
2. Title page
3. Copyright
4. Dedication
5. Academic Foreword
6. Acknowledgments
7. Preface – Overview of the NIST Framework
   1. Background on the Framework
   2. Framework Based on Risk Management
   3. The Framework Core
   4. Framework Implementation Tiers
   5. Framework Profile
   6. Other Aspects of the Framework Document
   7. Recent Developments At Nist
8. CHAPTER 1 Cybersecurity Risk Planning and Management
   1. Introduction
   2. I. What Is Cybersecurity Risk Management?
      1. A. Risk Management Is a Process
   3. II. Asset Management
      1. A. Inventory Every Physical Device and System You Have and Keep the Inventory Updated
      2. B. Inventory Every Software Platform and Application You Use and Keep the Inventory Updated
      3. C. Prioritize Every Device, Software Platform, and Application Based on Importance
      4. D. Establish Personnel Security Requirements Including Third-Party Stakeholders
   4. III. Governance
      1. A. Make Sure You Educate Management about Risks
   5. IV. Risk Assessment and Management
      1. A. Know Where You’re Vulnerable
      2. B. Identify the Threats You Face, Both Internally and Externally
      3. C. Focus on the Vulnerabilities and Threats That Are Most Likely AND Pose the Highest Risk to Assets
      4. D. Develop Plans for Dealing with the Highest Risks
   6. Summary
   7. Chapter Quiz
   8. Essential Reading on Cybersecurity Risk Management
9. CHAPTER 2 User and Network Infrastructure Planning and Management
   1. I. Introduction
   2. II. Infrastructure Planning and Management Is All about Protection, Where the Rubber Meets the Road
      1. A. Identity Management, Authentication, and Access Control
         1. 1. Always Be Aware of Who Has Access to Which System, for Which Period of Time, and from Where the Access Is Granted
         2. 2. Establish, Maintain, and Audit an Active Control List and Process for Who Can Physically Gain Access to Systems
         3. 3. Establish Policies, Procedures, and Controls for Who Has Remote Access to Systems
         4. 4. Make Sure That Users Have the Least Authority Possible to Perform Their Jobs and Ensure That at Least Two Individuals Are Responsible for a Task
         5. 5. Implement Network Security Controls on All Internal Communications, Denying Communications among Various Segments Where Necessary
      2. A Word about Firewalls
         1. 6. Associate Activities with a Real Person or a Single Specific Entity
         2. 7. Use Single– or Multi–Factor Authentication Based on the Risk Involved in the Interaction
   3. III. Awareness and Training
      1. A. Make Sure That Privileged Users and Security Personnel Understand Their Roles and Responsibilities
   4. IV. Data Security
      1. A. Protect the Integrity of Active and Archived Databases
      2. B. Protect the Confidentiality and Integrity of Corporate Data Once It Leaves Internal Networks
      3. C. Assure That Information Can Only Be Accessed by Those Authorized to Do So and Protect Hardware and Storage Media
      4. D. Keep Your Development and Testing Environments Separate from Your Production Environment
      5. E. Implement Checking Mechanisms to Verify Hardware Integrity
   5. V. Information Protection Processes and Procedures
      1. A. Create a Baseline of IT and OT Systems
      2. B. Manage System Configuration Changes in a Careful, Methodical Way
   6. A Word about Patch Management
      1. C. Perform Frequent Backups and Test Your Backup Systems Often
      2. D. Create a Plan That Focuses on Ensuring That Assets and Personnel Will Be Able to Continue to Function in the Event of a Crippling Attack or Disaster
   7. VI. Maintenance
      1. A. Perform Maintenance and Repair of Assets and Log Activities Promptly
      2. B. Develop Criteria for Authorizing, Monitoring, and Controlling All Maintenance and Diagnostic Activities for Third Parties
   8. VII. Protective Technology
      1. A. Restrict the Use of Certain Types of Media On Your Systems
      2. B. Wherever Possible, Limit Functionality to a Single Function Per Device (Least Functionality)
      3. C. Implement Mechanisms to Achieve Resilience on Shared Infrastructure
   9. Summary
   10. Chapter Quiz
   11. Essential Reading on Network Management
10. CHAPTER 3 Tools and Techniques for Detecting Cyber Incidents
    1. Introduction
    2. What Is an Incident?
    3. I. Detect
       1. A. Anomalies and Events
          1. 1. Establish Baseline Data for Normal, Regular Traffic Activity and Standard Configuration for Network Devices
          2. 2. Monitor Systems with Intrusion Detection Systems and Establish a Way of Sending and Receiving Notifications of Detected Events; Establish a Means of Verifying, Assessing, and Tracking the Source of Anomalies
       2. A Word about Antivirus Software
          1. 3. Deploy One or More Centralized Log File Monitors and Configure Logging Devices throughout the Organization to Send Data Back to the Centralized Log Monitor
          2. 4. Determine the Impact of Events Both Before and After they Occur
          3. 5. Develop a Threshold for How Many Times an Event Can Occur Before You Take Action
       3. B. Continuous Monitoring
          1. 1. Develop Strategies for Detecting Breaches as Soon as Possible, Emphasizing Continuous Surveillance of Systems through Network Monitoring
          2. 2. Ensure That Appropriate Access to the Physical Environment Is Monitored, Most Likely through Electronic Monitoring or Alarm Systems
          3. 3. Monitor Employee Behavior in Terms of Both Physical and Electronic Access to Detect Unauthorized Access
          4. 4. Develop a System for Ensuring That Software Is Free of Malicious Code through Software Code Inspection and Vulnerability Assessments
          5. 5. Monitor Mobile Code Applications (e.g., Java Applets) for Malicious Activity by Authenticating the Codes’ Origins, Verifying their Integrity, and Limiting the Actions they Can Perform
          6. 6. Evaluate a Provider’ s Internal and External Controls’ Adequacy and Ensure they Develop and Adhere to Appropriate Policies, Procedures, and Standards; Consider the Results of Internal and External Audits
          7. 7. Monitor Employee Activity for Security Purposes and Assess When Unauthorized Access Occurs
          8. 8. Use Vulnerability Scanning Tools to Find Your Organization’ s Weaknesses
       4. C. Detection Processes
          1. 1. Establish a Clear Delineation between Network and Security Detection, with the Networking Group and the Security Group Having Distinct and Different Responsibilities
          2. 2. Create a Formal Detection Oversight and Control Management Function; Define Leadership for a Security Review, Operational Roles, and a Formal Organizational Plan; Train Reviewers to Perform Their Duties Correctly and Implement the Review Process
          3. 3. Test Detection Processes Either Manually or in an Automated Fashion in Conformance with the Organization’ s Risk Assessment
          4. 4. Inform Relevant Personnel Who Must Use Data or Network Security Information about What Is Happening and Otherwise Facilitate Organizational Communication
          5. 5. Document the Process for Event Detection to Improve the Organization’ s Detection Systems
    4. Summary
    5. Chapter Quiz
    6. Essential Reading for Tools and Techniques for Detecting a Cyberattack
11. CHAPTER 4 Developing a Continuity of Operations Plan
    1. Introduction
    2. A. One Size Does Not Fit All
    3. I. Response
       1. A. Develop an Executable Response Plan
       2. B. Understand the Importance of Communications in Incident Response
       3. C. Prepare for Corporate–Wide Involvement During Some Cybersecurity Attacks
    4. II. Analysis
       1. A. Examine Your Intrusion Detection System in Analyzing an Incident
       2. B. Understand the Impact of the Event
       3. C. Gather and Preserve Evidence
       4. D. Prioritize the Treatment of the Incident Consistent with Your Response Plan
       5. E. Establish Processes for Handling Vulnerability Disclosures
    5. III. Mitigation
       1. A. Take Steps to Contain the Incident
       2. B. Decrease the Threat Level by Eliminating or Intercepting the Adversary as Soon as the Incident Occurs
       3. C. Mitigate Vulnerabilities or Designate Them as Accepted Risk
    6. IV. Recover
       1. A. Recovery Plan Is Executed During or After a Cybersecurity Incident
       2. B. Update Recovery Procedures Based on New Information as Recovery Gets Underway
       3. C. Develop Relationships with Media to Accurately Disseminate Information and Engage in Reputational Damage Limitation
    7. Summary
    8. Chapter Quiz
    9. Essential Reading for Developing a Continuity of Operations Plan
12. CHAPTER 5 Supply Chain Risk Management
    1. Introduction
    2. I. NIST Special Publication 800–161
    3. II. Software Bill of Materials
    4. III. NIST Revised Framework Incorporates Major Supply Chain Category
       1. A. Identify, Establish, and Assess Cyber Supply Chain Risk Management Processes and Gain Stakeholder Agreement
       2. B. Identify, Prioritize, and Assess Suppliers and Third-Party Partners of Suppliers
       3. C. Develop Contracts with Suppliers and Third-Party Partners to Address Your Organization舗s Supply Chain Risk Management Goals
       4. D. Routinely Assess Suppliers and Third-Party Partners Using Audits, Test Results, and Other Forms of Evaluation
       5. E. Test to Make Sure Your Suppliers and Third-Party Providers Can Respond to and Recover from Service Disruption
    5. Summary
    6. Chapter Quiz
    7. Essential Reading for Supply Chain Risk Management
13. CHAPTER 6 Manufacturing and Industrial Control Systems Security
    1. Essential Reading on Manufacturing and Industrial Control Security
14. Appendix A: Helpful Advice for Small Organizations Seeking to Implement Some of the Book’s Recommendations
15. Appendix B: Critical Security Controls Version 8.0 Mapped to NIST CSF v1.1
16. Answers to Chapter Quizzes
17. Index
18. End User License Agreement