Contents

Chapter 1 - NIST Cybersecurity Framework


History of the NIST Cybersecurity Framework ........................................................................ 1-3
Critical Infrastructure Sectors ................................................................................................... 1-4
Framework Core Structure ........................................................................................................ 1-11
Framework Tiers ....................................................................................................................... 1-17
Framework Profiles ................................................................................................................... 1-22
Alignment with Other Standards .............................................................................................. 1-24

Chapter 2 - Building a Cybersecurity Program


What is a Cybersecurity Program? ........................................................................................... 2-3
Key Components of a Cybersecurity Program ......................................................................... 2-4
What Should a Basic Cybersecurity Program Cover? .............................................................. 2-9
Steps to Create a Cybersecurity Program ................................................................................. 2-10
Define Roles and Responsibilities ............................................................................................ 2-11
Security Controls ...................................................................................................................... 2-18
Policies and Procedures ............................................................................................................ 2-23
Risk Management ..................................................................................................................... 2-26

Chapter 3 - Building a Risk Management Program


Risk Management ..................................................................................................................... 3-3
Guide for Conducting Cybersecurity Risk Assessments .......................................................... 3-5
Step 1: System Characterization ............................................................................................... 3-8
Step 2: Threat Identification ..................................................................................................... 3-15
Step 3: Vulnerability Identification ........................................................................................... 3-20
Step 4: Control Analysis ........................................................................................................... 3-25
Step 5: Likelihood Determination ............................................................................................. 3-29
Step 6: Impact Analysis ............................................................................................................ 3-32
Step 7: Risk Determination ....................................................................................................... 3-37
Step 8: Control Recommendations ........................................................................................... 3-42
Step 9: Results Documentation ................................................................................................. 3-48

Chapter 4 - Addressing People and Policy Security Risks


People & Policy Risks Overview .............................................................................................. 4-4
Cybersecurity Policy and Program ........................................................................................... 4-5
Security Awareness and Training .............................................................................................. 4-19

Chapter 5 - Addressing Process & Technology Risk


Process Risk Overview ............................................................................................................. 5-5
Operational Security Risks ....................................................................................................... 5-6
Insecure Software Development Life Cycle (SDLC) Risks ..................................................... 5-15
Physical Security Risks ............................................................................................................. 5-20
Third-Party Relationship Risks ................................................................................................. 5-30
Technology Risk Overview ....................................................................................................... 5-33
Network Security Risks ............................................................................................................ 5-34
Platform Risks ........................................................................................................................... 5-40
Application Layer Risks ........................................................................................................... 5-44

Chapter 6 - Incident Response Planning


Incident Response Plan Categories ........................................................................................... 6-4
General Incident Response Preparation .................................................................................... 6-6
Forming an Incident Response (IR) Team ................................................................................ 6-8
Secure Communications ........................................................................................................... 6-14
Monitoring Services .................................................................................................................. 6-16
Log Management Policies and Procedures ............................................................................... 6-19

Chapter 7 - Incident Response Management and Disaster Recovery


Cyber Security Incidents Overview .......................................................................................... 7-3
Basic Incident Response Cycle ................................................................................................. 7-8
Step 1: Determine if there is an Incident .................................................................................. 7-9
Step 2: Communicate the Incident ............................................................................................ 7-10
Step 3: Determining How to Handle the Incident ..................................................................... 7-11
Step 4: Organize Incident Response Team ............................................................................... 7-17
Step 5: Containment: Limit the Damage and Prevent any Further Damage ............................. 7-22
Step 6: Perform Disaster Recovery ........................................................................................... 7-25
Step 7: Is the Incident Really Eradicated? ................................................................................ 7-26
