PROTECTION CONTROLS

TRA (Threat Risk Assessment)

Last Post by taichi 4 years ago

1 Posts

1 Users

0 Likes

2,721 Views

RSS

Posts: 108

taichi

Topic starter

Jul 04, 2020 1:45 pm

(@taichi)

Member

Joined: 4 years ago

PROTECTION CONTROLS COMPILED UNDER NIST CYBER SECURITY FRAMEWORK

For many years defense standards emphasized the issue of "defending the organization", namely, preventing a penetration of the organization and its cyber assets. The current reality is different – organizations of all sizes are attacked, but these attacked only are detected, if at all, after a long time. Therefore, the American National Institute of Standards and Technology (NIST) devised a Framework for Improving Critical Infrastructure Cyber Security, investing both in the traditional preparation and protection phases as well as in the detection, containment, and recovery from cyber-attacks. The present Defense Methodology adopts the NIST Cyber Security Framework, binding together clusters of defense controls. Within this framework the organization is defended from attack, while its capabilities to detect a successful attack, contain it, and recover with minimum impact are augmented. These controls are based on international knowledge, adjusted for the Israeli economy, including emphases and examples to assist organizations in focusing their efforts more effectively.

IDENTIFY
Control Cluster:
- Board and Management responsibility
- Risk assessment and management
- Control, review, compatibility

PROTECT
Control Cluster:
- Access control
- Data defense
- Defending servers and workstations
- Preventing malicious code
- Encryption
- Network security
- Environment separation
- Cloud security
- Industrial controls defense
- Cellular security
- Change management

- Media security
- Supply chain and outsourcing security
- Purchase and development security
- Human resources and employee awareness
- Seminar

DETECT
Control Cluster:
- Documentation and monitoring
- Security controls reviews
- Proactive Cyber-Defense

RESPOND
Control Cluster:
- Event exercising
- Event management

RECOVER
Control Cluster:
- Business Continuity

From CYBER DEFENSE METHODOLOGY FOR AN ORGANIZATION VER. 1.0

Prime Minister's Office

National Cyber Directorate

National Cyber Security Authority

Topic Tags

Security Controls NIST

RE: Qualys Troubleshooting

*NIX Authenticated Scan Process and Commands ...

By netsec , 10 months ago
RE: Qualys Troubleshooting

Set Up Unix Authentication Which technologies are s...

By netsec , 10 months ago
RE: Qualys Troubleshooting

Issue: The host was not scanned with authentication usi...

By netsec , 10 months ago
Qualys Troubleshooting

Troubleshooting "Hosts Not Alive" Problem ...

By netsec , 10 months ago
RE: GNS3 Resources

GNS3 2.2.5 (LITE vs PROLITE vs ULTIMATE) A...

By taichi , 1 year ago
GNS3 Resources

GNS3 2.2.18 v2p (LOADED) gdrive : download 61GB – Need...

By taichi , 1 year ago
Azure Security Resources Collection

Mitigate threats using Microsoft 365 Defender WEB P...

By taichi , 1 year ago
Introducing Organizational Threat Models

Threat models serve as a pattern that allow organizatio...

By netsec , 1 year ago
Surface Pro 7 Issues

1. Screen flicking 2. Random shutdown 3. Color chan...

By netsec , 2 years ago

PROTECTION CONTROLS

Like this:

Top Forum Topics

Forum

PROTECTION CONTROLS

Share this:

Like this: