Title: Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework
Author: Cynthia Brumfield and Brian Haugli
Publisher: Wiley
Year: 2022
Pages: 224
Language: English
Format: epub
Size: 10.2 MB
Cybersecurity Risk Management

In Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework, veteran technology analyst Cynthia Brumfield, with contributions from cybersecurity expert Brian Haugli, delivers a straightforward and up-to-date exploration of the fundamentals of cybersecurity risk planning and management. The book offers readers easy-to-understand overviews of cybersecurity risk management principles, user and network infrastructure planning, and the tools and techniques for detecting cyberattacks. The book also provides a roadmap to the development of a continuity of operations plan in the event of a cyberattack.
With incisive insights into the Framework for Improving Cybersecurity of Critical Infrastructure produced by the United States National Institute of Standards and Technology (NIST), Cybersecurity Risk Management presents the gold standard in practical guidance for the implementation of risk management best practices. Filled with clear and easy-to-follow advice, this book also offers readers:
- A concise introduction to the principles of cybersecurity risk management and the steps necessary to manage digital risk to systems, assets, data, and capabilities
- A valuable exploration of modern tools that can improve an organization’s network infrastructure protection
- A practical discussion of the challenges involved in detecting and responding to a cyberattack and the importance of continuous security monitoring
- A helpful examination of the recovery from cybersecurity incidents
The term cyberattack is a moving target as digital threats multiply. We define “cyberattack” as an attempt to bypass security mechanisms put in place for IT and OT systems, to otherwise use an IT or OT system without authorization, or to abuse existing privileges. Most cybersecurity professionals draw sharp lines around what constitutes attacks, preferring such cybersecurity incidents as unauthorized access to be called just that, “incidents,” rather than the more inflammatory term “attacks.”

As each event in a system occurs, the intrusion detection system stores data surrounding that event, reviews each log event, and looks for patterns associated with an intrusion or attack. While an individual intrusion detection system can look at only one system, a log file monitor can examine data across multiple systems. Information regarding an incident might end up recorded in several places, such as firewalls, routers, network IDPSs (intrusion detection and protection systems), host IDPSs, and application logs. For the intrusion detection (and prevention) system to work, it’s crucial to create a centralized log file. A log file monitor can look at multiple logs from different systems. Make sure to configure all your systems and devices to send data back to the log file monitor. These systems are commonly referred to as security information and event management or SIEMs.
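The point about centralized logs is easiest to see with a small correlation rule. The following is an added example, not code from the book: it normalizes constructed firewall and host log lines into one schema and shows a pattern that a per-host IDS would miss (a source IP failing a login on several hosts and then succeeding on another) but a monitor over the centralized store catches. Hostnames, IPs and log formats are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log lines from two kinds of sources (not real logs).
FIREWALL_LOGS = [
    "2024-03-01T10:00:01 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-03-01T10:00:02 fw01 ALLOW src=203.0.113.7 dst=10.0.0.6 dport=22",
]
HOST_LOGS = [
    "2024-03-01T10:00:03 web01 sshd: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:04 web01 sshd: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:05 db01 sshd: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:06 db01 sshd: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:07 app01 sshd: Accepted password for admin from 203.0.113.7",
]

HOST_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) "
                     r"password for (?P<user>\S+) from (?P<ip>\S+)$")
FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>DENY|ALLOW) "
                   r"src=(?P<ip>\S+) dst=\S+ dport=\d+$")

def normalize(lines):
    """Parse heterogeneous lines into one schema: the 'centralized log file'."""
    events = []
    for line in lines:
        if m := HOST_RE.match(line):
            events.append({"ts": m["ts"], "system": m["host"], "kind": "auth",
                           "outcome": "fail" if m["result"] == "Failed" else "success",
                           "user": m["user"], "src_ip": m["ip"]})
        elif m := FW_RE.match(line):
            events.append({"ts": m["ts"], "system": m["host"], "kind": "fw",
                           "outcome": m["action"].lower(), "user": None, "src_ip": m["ip"]})
    return sorted(events, key=lambda e: e["ts"])  # one timeline across all systems

def per_host_alerts(events, threshold=3):
    """What an IDS confined to a single host sees: failures counted per host only."""
    counts = defaultdict(int)
    for e in events:
        if e["kind"] == "auth" and e["outcome"] == "fail":
            counts[(e["system"], e["src_ip"])] += 1
    return sorted(k for k, n in counts.items() if n >= threshold)

def cross_host_alerts(events, min_hosts=2):
    """Centralized view: one (ip, user) failing on several hosts, then succeeding anywhere."""
    failed_hosts, alerts = defaultdict(set), []
    for e in events:
        if e["kind"] != "auth":
            continue
        key = (e["src_ip"], e["user"])
        if e["outcome"] == "fail":
            failed_hosts[key].add(e["system"])
        elif len(failed_hosts.get(key, ())) >= min_hosts:
            alerts.append((e["src_ip"], e["user"], sorted(failed_hosts[key]), e["system"]))
    return alerts
```

With the sample data each host sees only two failures, so the per-host rule stays silent while the cross-host rule reports the spread across web01 and db01 ending in a success on app01.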
Because attackers can gain entry into networks and systems from a growing array of vectors, using a wide variety of existing and emerging attack tools, you should develop strategies for detecting breaches as soon as possible. These strategies should take into account all the various openings through which attackers can slide. Network and host-based monitoring solutions, such as EDR (endpoint detection and response), that oversee systems’ operations via various software tools are essential in detecting and reporting many assets’ failures. These systems will measure CPU utilization, network bandwidth, and other aspects of operations and send out messages over the network to check if operations are normal. These monitoring solutions should also send out alerts to designated destinations (e-mails, servers, or phones) to notify about anomalies.

There are built-in functions with applications that allow you to monitor devices on the network. One to start with is a traffic analyzer, either virtual or physical. Connecting a laptop or server to ingest network traffic into a security monitoring solution can be a good start. There are also several open-source and free software solutions available. One solution that stands out for many administrators to begin network monitoring with is Security Onion. Security Onion is an open-source Linux distribution purpose-built for threat hunting, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro/Zeek, Wazuh, Sguil, Squert, NetworkMiner, and many other security tools. There are many network monitoring solutions to choose from, and it’s vital to pick the right one based on your risk assessment, configuration, and strategies for detecting breaches.
Perfect for undergraduate and graduate students studying cybersecurity, Cybersecurity Risk Management is also an ideal resource for IT professionals working in private sector and government organizations worldwide who are considering implementing, or who may be required to implement, the NIST Framework at their organization.
Download Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework