nist - All Articles - CISO Platform
2024-03-29T12:36:23Z
https://www.cisoplatform.com/profiles/blogs/feed/tag/nist

Evaluating Cybersecurity Maturity Aligned To NIST: A Guide To Protecting Your Business in the Digital Age
https://www.cisoplatform.com/profiles/blogs/evaluating-cybersecurity-maturity-aligned-to-nist-a-guide-to-prot
2023-06-21T06:35:51.000Z
pritha
https://www.cisoplatform.com/members/pritha
<div><p>In today's interconnected world, businesses face an ever-growing threat landscape of cyberattacks. The need to establish a robust cybersecurity posture and maturity level has become critical for organizations across industries. To achieve this, a comprehensive cybersecurity maturity model can serve as a valuable tool.</p>
<h3><span style="font-size:14pt;"><strong>What Is The Cybersecurity Posture Of An Organization?</strong></span></h3>
<p>The <strong>cybersecurity posture</strong> of an organization refers to its current state in terms of its ability to protect against cyberattacks. It encompasses the collective strength of information security resources, including people, processes, and technology. Conducting a cybersecurity posture assessment involves evaluating the organization's network security and assessing the effectiveness of its information security resources and capabilities.</p>
<p><span style="font-size:12pt;"><a href="https://www.cisoplatform.com/top-100-ciso-awards-2023?utm_src=p_blog_maturitymodel" target="_blank">(Many years back we started the 'Top 100 CISO Awards' recognizing the important role a CISO plays in preventing huge breaches. Nominate yourself for the 15th Edition Of Top 100 Awards, The 1st recognition for CISOs)</a></span></p>
<h3><span style="font-size:14pt;"><strong>5 Stages In A Security Maturity Model</strong></span></h3>
<p>The security maturity model consists of five distinct stages: Awareness, Prevention, Detection, Response, and Recovery.</p>
<p><strong>1. Awareness:</strong></p>
<p>In the initial stage of security maturity, known as Awareness, organizations develop a fundamental understanding of cybersecurity risks and recognize the potential consequences associated with cyberattacks. They establish policies and procedures aimed at mitigating these risks effectively.</p>
<p><strong>2. Prevention:</strong></p>
<p>The second stage, known as Prevention, focuses on the implementation of robust controls and measures to proactively prevent cyberattacks. This includes the deployment of technologies such as firewalls, intrusion detection systems, and malware protection to safeguard critical assets.</p>
<p><strong>3. Detection:</strong></p>
<p>The third stage, Detection, involves the implementation of advanced monitoring capabilities and controls to detect cyberattacks promptly. Intrusion detection systems, log management, and security event monitoring are key components of this stage, enabling organizations to identify and respond to security incidents swiftly.</p>
<p><strong>4. Response:</strong></p>
<p>At the fourth stage, Response, organizations establish comprehensive plans and protocols to effectively respond to cyberattacks. These plans encompass containment strategies, eradication of threats, and the recovery of affected systems and data. The goal is to minimize the impact and restore normal operations as quickly as possible.</p>
<p><strong>5. Recovery:</strong></p>
<p>The final stage, Recovery, focuses on developing robust plans and procedures to facilitate the recovery process following a cyberattack. These plans encompass vital steps such as data backup and restoration, system recovery, and business continuity measures. The aim is to restore operations fully while ensuring the resilience of the organization.</p>
<p>By progressing through these stages of security maturity, organizations can bolster their cybersecurity defenses, enhance incident response capabilities, and minimize the impact of cyber threats on their operations.</p>
<h3><span style="font-size:14pt;"><strong>NIST CyberSecurity Frameworks To Use As Guideline</strong></span></h3>
<p>NIST Cybersecurity Framework: The National Institute of Standards and Technology (NIST) Cybersecurity Framework offers a valuable maturity model for evaluating an organization's cybersecurity readiness. This framework comprises five essential functions: Identify, Protect, Detect, Respond, and Recover.</p>
<p>Each function corresponds to a specific stage within the security maturity model and entails a distinct set of controls and measures. Through a comprehensive assessment of their position on the maturity model, organizations can pinpoint areas requiring enhancements in their cybersecurity posture.</p>
<p>Utilizing the NIST Cybersecurity Framework empowers businesses to fortify their defenses by identifying security gaps and establishing a clear path for improvement. By implementing the appropriate controls and measures at each stage of the maturity model, organizations can steadily advance toward achieving higher levels of cybersecurity maturity.</p>
<p>Link to implementation guide - <a href="https://www.nist.gov/itl/smallbusinesscyber/planning-guides/nist-cybersecurity-framework" target="_blank">https://www.nist.gov/itl/smallbusinesscyber/planning-guides/nist-cybersecurity-framework</a></p>
<p><a href="https://media.licdn.com/dms/image/D5612AQF68Ek4LV8LSA/article-inline_image-shrink_1000_1488/0/1687328334929?e=1692835200&v=beta&t=a8tNufG5291OLdq_NfDRhpkJxC9kZpMyxCS2LckQSHw" target="_blank"><img class="align-full" src="https://media.licdn.com/dms/image/D5612AQF68Ek4LV8LSA/article-inline_image-shrink_1000_1488/0/1687328334929?e=1692835200&v=beta&t=a8tNufG5291OLdq_NfDRhpkJxC9kZpMyxCS2LckQSHw" width="1087" height="812" alt="1687328334929?e=1692835200&v=beta&t=a8tNufG5291OLdq_NfDRhpkJxC9kZpMyxCS2LckQSHw" /></a></p>
<p>Credit: Shared by a community member</p>
<p>In conclusion, establishing a robust cybersecurity posture and maturity level is paramount for organizations in the face of the ever-growing threat landscape of cyberattacks. By implementing a comprehensive cybersecurity maturity model, businesses can assess their current security capabilities, identify areas for improvement, and prioritize investments effectively. The five stages of the security maturity model—Awareness, Prevention, Detection, Response, and Recovery—provide a roadmap for organizations to enhance their cybersecurity defenses and incident response capabilities. Additionally, leveraging frameworks like the NIST Cybersecurity Framework offers valuable guidance for organizations to assess their readiness, identify gaps, and chart a clear path for improvement. By adopting these approaches, businesses can proactively protect their critical assets, ensure business continuity, and navigate the complex cybersecurity landscape with confidence.</p></div>

NIST and Web Application Security: Is Your Organization Really Considering All of the Risks in the Enterprise?
https://www.cisoplatform.com/profiles/blogs/nist-and-application-security-is-your-organization-really
2013-05-16T13:30:00.000Z
Mark Wireman
https://www.cisoplatform.com/members/MarkWireman
<div><p class="BasicParagraph">Writing not only functional but secure applications is not a new concept or idea that has taken the Industry by storm. However, many Government and Commercial Organizations are still not adhering to or requiring their Organizations to adopt, implement, and build security into the Systems Development Life Cycle process. Instead, Organizations are continuing to focus on the functional aspects of software, only to be surprised when a weakness or vulnerability in the software leads to a compromise, resulting in thousands of records stolen in the process. 
So the fundamental question is: why is this still a hard problem for Organizations to tackle?</p><p class="BasicParagraph">Application Security is still fraught with challenges (Challey, 2009), which gives Application Security the appearance of an enigma due to the following:</p><ul><li><b>Application Security Changes Rapidly</b><ul><li>With the growing landscape and priority of threats, vulnerabilities, and weaknesses, an Organization can quickly fall behind.</li></ul></li><li><b>Changing Landscape</b><ul><li>The technology landscape is constantly changing. This requires constant awareness and education on new technologies to prepare for and address new threat vectors and attack landscapes.</li></ul></li><li><b>Becoming an Enabler</b><ul><li>Security is typically viewed as a disabler because of the perception that Security mandates and controls hinder and slow processes. Within the Software Development process, Security is viewed as overhead in terms of additional financial and human resources as well as slowing down the “time to market” for the applications.</li></ul></li></ul><p class="BasicParagraph">Because of the stigma of Application Security as an enigma, the challenges in implementing an Application Security program internally within an Organization, and the gap in academia in teaching Developers how to write both functional and secure applications, Organizations – both Government and Commercial – <b><i>continue to be front page news items as a result of the compromise of one of their Applications</i></b>.</p><p 
class="BasicParagraph">Most Government Organizations, and Commercial Organizations that work directly with the Government, deal with medical records, or are held to certain legal requirements, are typically held from a Security perspective to the regulatory requirements of NIST (National Institute of Standards and Technology). NIST provides specific guidelines known as Special Publications that an Organization can leverage to prepare for a NIST audit, certification, and accreditation. Therefore an Organization must understand the NIST requirements, and it is this understanding that allows the Organization to be uniquely positioned and prepared to receive accreditation, especially when building security into its System Development Life Cycle (SDLC) process.</p><p class="BasicParagraph">(Kissel et al, 2008) offers a guide to building the necessary security and controls into the various phases of the SDLC. (Kissel et al, 2008) is a complement to the Risk Management Framework presented in (Ross, 2011). To better understand the RMF and its relation to Application Security, the following 3-Tier (Ross, 2011) view of Risk controls within an Organization is adopted to identify where the SDLC fits in:</p><ol><li><b>Tier 1</b> – Organizational. A Risk Assessment at this Tier is focused on the Organization’s Information Security programs, policies, procedures, and guidance. Risk Acceptance, Avoidance, Mitigation, Sharing, and Transfer are key elements of the driver behind the IS Program. Investment decisions are then determined based on the Risk posture, to include procurement activities, controls, and monitoring activities. This is equivalent to the Management Controls listed in (Swanson, 2011) and (Guttman and Roback, 2006). From an SDLC perspective, this includes the Life Cycle Assessment process, focusing on a Program, Policies, and Procedures for SDLC Activities that include identification and remediation of Vulnerabilities within the SDLC Phases (Initiation, Deployment/Acquisition, Implementation/Assessment, Operation/Maintenance, and Disposal).</li><li><b>Tier 2</b> – Mission / Business Processes. A Risk Assessment can drive Enterprise and Security Architecture design decisions, common Controls, Acquisition partners and Vendors, Risk Awareness for Business Processes, and demonstrating Security as a Business Enabler by interpreting Policies and Procedures as Business essentials that help in streamlining Business Operations rather than as a mandated necessity. From an SDLC perspective, this is building in the Gate Controls that provide check-points between the Phases, Training, and Change Management.</li><li><b>Tier 3</b> – Information Systems. A Risk Assessment can drive the design and implementation decisions for the Security Controls from a technology perspective. In addition, Operational decisions can be determined, which include monitoring, authorization, and maintenance. From an SDLC perspective, this is the implementation of the technologies in the Technical Controls that will be introduced to help meet the Gate requirements, as well as the Policy requirements for Identification and Authentication (I&A), Access Controls (Logical), and Auditing within the Applications.</li></ol><p class="BasicParagraph">It is, therefore, important to align your Organization with the requirements in NIST SP 800-64 and the Risk Management Framework. The approach breaks down each phase of the SDLC and, within each phase, assigns and aligns each Control Objective with a Control Number, Description, Level, and a recommended set of decision points to include within a Gate process that provides a Go / No Go decision to the next phase. 
Table 1 is a sample of the approach within the Initiation Phase of the SDLC:</p><table width="100%" border="1" cellspacing="0"><tbody><tr><td width="13%" nowrap="nowrap"><p align="center"><b>Control Number</b></p></td><td width="17%"><p align="center"><b>Control</b></p></td><td width="25%"><p align="center"><b>Description</b></p></td><td width="15%"><p align="center"><b>Metrics</b></p></td><td width="8%"><p align="center"><b>Level</b></p></td><td width="19%"><p align="center"><b>Recommended Control Gates</b></p></td></tr><tr><td width="100%" nowrap="nowrap" valign="bottom" colspan="6"><p><b>Initiation</b></p></td></tr><tr><td width="13%" nowrap="nowrap" valign="top"><p>I.1.1</p></td><td width="17%"><p>Identify sources of Security Requirements</p></td><td width="25%"><p>Security sources are requirements to implement security controls in accordance with laws, regulations, and compliance standards.</p></td><td width="15%" valign="bottom"><p>Number of Security Requirements<br /> % of Applications per Requirement</p></td><td width="8%" nowrap="nowrap"><p align="center">1</p></td><td width="19%" rowspan="6"><p><b>System Concept Review that verifies the concept is in line with the Organization's objectives and budgetary constraints<br /> <br /> Performance requirements that have addressed all Security Requirements<br /> <br /> Enterprise Architecture alignment that aligns with IT standards and LoB requirements, as well as Security alignment to enable the LoB by meeting Security Requirements with appropriate Security Services<br /> <br /> Risk Management review that provides a Risk view of the System that aligns with the Organization's level of acceptance</b></p></td></tr><tr><td width="13%" nowrap="nowrap" valign="top"><p>I.1.2</p></td><td width="17%"><p>Ensuring all Key Stakeholders have a Common Understanding</p></td><td width="25%"><p>All relevant Development, Security, and Business Stakeholders are fully aware of and understand the Security Implications, 
Considerations, and Requirements per the Identified Sources as well as the Organization's Policies, Procedures, and Guidelines.</p></td><td width="15%"><p> </p></td><td width="8%" nowrap="nowrap"><p align="center">1</p></td></tr><tr><td width="13%" nowrap="nowrap" valign="top"><p>I.1.3</p></td><td width="17%"><p>Establishment of a Security Guide as part of the SDLC Process</p></td><td width="25%" valign="bottom"><p>The Guide consists of the following information: Security Responsibilities (Roles and Responsibilities); Security Reporting Metrics; Certification and Accreditation Process (Go / No Go Decision at appropriate Gates between Phases); Security Testing and Assessment Techniques (static code analysis, dynamic scanning, pentesting, fuzzing, etc.); Security Document and Requirements Deliverables; Secure Design, Architecture, and Coding Practices (in accordance with Security Requirements).</p></td><td width="15%"><p> </p></td><td width="8%" nowrap="nowrap"><p align="center">2</p></td></tr><tr><td width="13%" nowrap="nowrap" valign="top"><p>I.2.1</p></td><td width="17%"><p>Security Categorization Process</p></td><td width="25%" valign="bottom"><p>A process is in place that will categorize the Application in accordance with the type of data being processed, the deployment location of the application, and the types of users of the application. A Business Impact Analysis procedure is an integral part of this process and should be expanded to include the Security Categorization of each Application. 
In addition to the classification of the Application, other factors to consider are the Confidentiality, Integrity, and Availability aspects of the Application's Business Requirements.</p></td><td width="15%"><p>% of Applications per Categorization</p></td><td width="8%" nowrap="nowrap"><p align="center">3</p></td></tr><tr><td width="13%" nowrap="nowrap" valign="top"><p>I.2.2</p></td><td width="17%"><p>Business Impact Assessment Process</p></td><td width="25%"><p>A process that identifies and documents the Line of Business (LoB) supported by the Application and how the LoB will be impacted; identifies and documents core Components needed to maintain functionality of the Application (both Software and Hardware Components); identifies and documents the length of time the system can be down before the LoB is negatively impacted; identifies and documents the LoB's tolerance for the loss of data.</p></td><td width="15%"><p>Service Level Agreements per Component per Application (in Hrs)<br /> Number of Components per Application by Type, i.e. 
Software, Hardware<br /> Number of Applications per LoB by Categorization</p></td><td width="8%" nowrap="nowrap"><p align="center">4</p></td></tr><tr><td width="13%" nowrap="nowrap" valign="top"><p>I.3.1</p></td><td width="17%"><p>Secure Systems Development Process</p></td><td width="25%"><p>Documented Standards and a Process for System (Software) Development that include Security Best Practices; a Security Training Program for Developers, Managers, and Architects is required; a Quality Management program is documented that includes planning, change management, and security testing (misuse cases, fuzzing, dynamic scanning); separation of development, test, and operational facilities, where all facilities have been accredited; documented Secure Code Practices (common framework usage for common security functions; language-specific secure coding requirements); implementation of source code repositories that adhere to role-based access procedures with logging enabled.</p></td><td width="15%"><p>% of Applications per Categorization that have a separate test environment<br /> % of Completed Training Requirement</p></td><td width="8%" nowrap="nowrap"><p align="center">5</p></td></tr></tbody></table><p align="center" class="BasicParagraph"><b>Table 1.</b> Example of mapping NIST Controls with the Initiation phase of the SDLC.</p><p class="BasicParagraph"><span class="font-size-5"><strong>Conclusion</strong></span></p><p class="BasicParagraph">The most effective way to help your Organization implement the Risk Management Framework (RMF) is to consider and include the increasing reliance on and growing complexity of Applications. 
Applications and the technologies used to develop and deploy them are constantly changing, and with this constant change the risk environment is also changing, resulting in the need to reduce risks before the Applications escape into the environment. With the inclusion of the SDLC as part of the RMF, the following return on investment is provided:</p><ol><li>Early identification and mitigation of weaknesses, vulnerabilities, and misconfigurations, resulting in lower cost of mitigation and remediation (Ponemon, 2010).</li><li>Awareness of potential integration and engineering issues resulting from mandatory controls, resulting in lower cost of integrating and engineering alternate compensating controls into the Application.</li><li>Identification of shared controls and reusable security frameworks and application programming interfaces, resulting in lower development costs and reduced impact on the development schedule while simultaneously improving the overall security of Applications in the marketplace.</li><li>Ability to allow Executive management to make key decisions in a comprehensive Risk Management strategy, resulting in reduced risk to the Organization.</li></ol><h2>References</h2><ul><li>Kissel, R., et al. (2008). NIST SP 800-64 Rev 2: Security Considerations in the System Development Life Cycle. <a href="http://csrc.nist.gov/publications/PubsSPs.html">http://csrc.nist.gov/publications/PubsSPs.html</a>.</li><li>Ross, R. (2011). NIST Special Publication 800-39, Managing Information Security Risk: Organization, Mission, and Information System View. <a href="http://www.nist.gov/manuscript-publication-search.cfm?pub_id=908030">http://www.nist.gov/manuscript-publication-search.cfm?pub_id=908030</a>.</li><li>Swanson, M. (2001). NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems. <a href="http://infohost.nmt.edu/~sfs/Regs/sp800-26.pdf">http://infohost.nmt.edu/~sfs/Regs/sp800-26.pdf</a>.</li><li>Guttman, B. 
and Roback, E. (2006). NIST Special Publication 800-12, An Introduction to Computer Security: The NIST Handbook. <a href="http://csrc.nist.gov/publications/nistpubs/800-12/">http://csrc.nist.gov/publications/nistpubs/800-12/</a>.</li><li>Challey, D. (2009). Enterprise Application Security - GE's approach to solving root cause and establishing a Center of Excellence. <a href="https://www.owasp.org/index.php/Enterprise_Application_Security_-_GE's_approach_to_solving_root_cause_and_establishing_a_Center_of_Excellence">https://www.owasp.org/index.php/Enterprise_Application_Security_-_GE's_approach_to_solving_root_cause_and_establishing_a_Center_of_Excellence</a>.</li><li>Ponemon. (2010). Fifth Annual US Cost of Data Breach, January 2010. Retrieved from <a href="http://www.ponemon.org/data-security">http://www.ponemon.org/data-security</a>.</li></ul></div>

Playbook for DDOS Security Response
https://www.cisoplatform.com/profiles/blogs/response-strategy-for-ddos
2017-05-06T14:00:00.000Z
Amit, CISO Platform
https://www.cisoplatform.com/members/AmitCISOPlatform
<div><p>(Author: <strong>Chandra Prakash Suryawanshi</strong>, SVP - India & APAC at Aujas Networks Pvt. Ltd.)</p><p>Information security incident management is often a combination of technical controls, processes, communication strategy, detailed procedure and plan. 
The objective of this blog is to look at modern techniques for effective incident detection, modelling of common security threats and preparation of a response to better validate, contain and respond to an information security incident.</p><p><b>We will see how an effective detection strategy leveraging a SIEM solution works, coupled with effective proactive methods to perform threat hunting, followed by response procedures.</b></p><p><a href="http://www.cisoplatform.com/profiles/blogs/response-strategy-for-ddos" target="_blank"><img width="750" src="{{#staticFileLink}}8669808271,original{{/staticFileLink}}" class="align-full" alt="8669808271?profile=original" /></a></p><p>A <b>security event</b> is any observable occurrence in a system or network. Events include an increase in encrypted communication, a port and protocol mismatch, large HTTPS packet sizes, an increase in file sharing, and a firewall blocking connection attempts, each correlated with other system events. Adverse events are events with a negative consequence, such as system crashes, network packet floods, unauthorized use of system privileges, unauthorized access to sensitive data, and execution of malicious code that destroys data. All of this information is generally available in logs from systems, applications, network devices and databases, but the key is to craft appropriate detection rules, build use cases, reduce false positives, perform effective analysis, and have the technology capability to provide historical data and analytics. We will first see how effective detection technologies, SIEM and allied tools, can be leveraged to identify attacks and patterns.</p><p>Let's talk about <b>Threat Hunting</b>. 
Threat hunting is a proactive way of looking for threats, using internal or external threat intelligence, information mining, reverse malware analysis, or by testing hypotheses based on risk.</p><p>As threat hunting is a data-driven process, it’s critical to collect large amounts of data for analysis. Logs from each of the three major security data domains (network, endpoint, and application) along with authentication logs for operating systems and applications are a good place to start, followed by network transactions, such as HTTP server and proxy logs and NetFlow records.</p><p>Any information security incident where the perpetrators are known and/or their motives and objectives are clearly visible can be termed an <b>attack</b>, and once it is detected we need to craft an effective response procedure.</p><p>We will look at two critical information security response procedures, one for DDoS and then one for an APT attack, in line with the NIST process and framework.</p><p>The information security incident response process has three main phases – detection and analysis, response and recovery, and post incident activities. 
The corresponding sub-stages, with a brief overview, are shown below.</p><p><a href="{{#staticFileLink}}8669815481,original{{/staticFileLink}}"><img src="{{#staticFileLink}}8669815481,original{{/staticFileLink}}" width="608" class="align-full" alt="8669815481?profile=original" /></a></p><p><b>DDoS:</b></p><p><a href="{{#staticFileLink}}8669814897,original{{/staticFileLink}}"><img src="{{#staticFileLink}}8669814897,original{{/staticFileLink}}" width="668" class="align-full" alt="8669814897?profile=original" /></a></p><p><a href="{{#staticFileLink}}8669815081,original{{/staticFileLink}}"><img src="{{#staticFileLink}}8669815081,original{{/staticFileLink}}" width="669" class="align-full" alt="8669815081?profile=original" /></a></p><p><a href="{{#staticFileLink}}8669815098,original{{/staticFileLink}}"><img src="{{#staticFileLink}}8669815098,original{{/staticFileLink}}" width="668" class="align-full" alt="8669815098?profile=original" /></a></p><p><a href="{{#staticFileLink}}8669816077,original{{/staticFileLink}}"><img src="{{#staticFileLink}}8669816077,original{{/staticFileLink}}" width="667" class="align-full" alt="8669816077?profile=original" /></a></p></div>

NIST Aligned Process For Threat Management
https://www.cisoplatform.com/profiles/blogs/incident-response-threat-management-nist-kill-chain-model
2017-07-13T07:00:00.000Z
pritha
https://www.cisoplatform.com/members/pritha
<div><p>This article highlights the Threat Management Process in Incident Response and brings in an understanding of the Kill Chain model. 
Excerpts have been taken from a session presented at <a href="https://www.sacon.io/?utm_source=CP&utm_medium=BlogText1&utm_campaign=IRNISTKillChain_Sacon_Bang_2017" target="_blank">SACON - The Security Architecture Conference</a>. You can view the full slide <a href="http://www.cisoplatform.com/profiles/blogs/incident-response-validation-containment-forensics" target="_blank">here</a>.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/incident-response-threat-management-nist-kill-chain-model" target="_blank"><img width="668" src="{{#staticFileLink}}8669802465,original{{/staticFileLink}}" class="align-full" alt="8669802465?profile=original" /></a></p>
<p><strong><span class="font-size-5">3 Stages Of Incident Lifecycle</span></strong></p>
<ul>
<li>Detection & Analysis</li>
<li>Response & Recovery</li>
<li>Post incident</li>
</ul>
<p><a href="{{#staticFileLink}}8669817271,original{{/staticFileLink}}"><img width="650" src="{{#staticFileLink}}8669817271,original{{/staticFileLink}}" class="align-full" alt="8669817271?profile=original" /></a></p>
<p><strong><span class="font-size-5">Threat Management - NIST Aligned Process</span></strong></p>
<table style="border:2px solid #000000;text-align:center;padding:0px;width:400px;">
<tbody id="my_table"><tr><td style="border:2px solid #000000;padding:2px;" colspan="3">Detection & Analysis</td>
<td style="border:2px solid #000000;padding:2px;" colspan="3">Response & Recovery</td>
<td style="border:2px solid #000000;padding:2px;">Post Incident</td>
</tr>
<tr><td style="border:2px solid #000000;padding:2px;">Analyse Logs and Information Security Events</td>
<td style="border:2px solid #000000;padding:2px;">Validate Incident Scale and Consequence</td>
<td style="border:2px solid #000000;padding:2px;">Based on priority, assemble ISIRT and notify appropriate parties and escalate incidents. (e.g.. critical & high priority crisis and emergency incidents escalated to Country Emergency Manager)</td>
<td style="border:2px solid #000000;padding:2px;">Direct ISIRT, develop incident response plan, activate rapid response team if needed and communicate incident to internal & external stakeholders</td>
<td style="border:2px solid #000000;padding:2px;">Eradicate technical vulnerabilities and incident root causes</td>
<td style="border:2px solid #000000;padding:2px;">Recover affected information systems and business operations</td>
<td style="border:2px solid #000000;padding:2px;">Document lessons learnt</td>
</tr>
<tr><td style="border:2px solid #000000;padding:2px;">Identify potential information security incidents</td>
<td style="border:2px solid #000000;padding:2px;">Assign consequence, severity and priority ratings</td>
<td style="border:2px solid #000000;padding:2px;"></td>
<td style="border:2px solid #000000;padding:2px;">Perform incident containment, investigation and root cause analysis, forensics and evidence management</td>
<td style="border:2px solid #000000;padding:2px;"></td>
<td style="border:2px solid #000000;padding:2px;"></td>
<td style="border:2px solid #000000;padding:2px;">Close Incident</td>
</tr>
<tr><td style="border:2px solid #000000;padding:2px;">Categorize incident</td>
<td style="border:2px solid #000000;padding:2px;">Review & confirm ratings</td>
<td style="border:2px solid #000000;padding:2px;"></td>
<td style="border:2px solid #000000;padding:2px;"></td>
<td style="border:2px solid #000000;padding:2px;"></td>
<td style="border:2px solid #000000;padding:2px;"></td>
<td style="border:2px solid #000000;padding:2px;">Create incident review report</td>
</tr>
<tr><td style="border:2px solid #000000;padding:2px;"></td>
<td style="border:2px solid #000000;padding:2px;">Endorse ratings</td>
<td style="border:2px solid #000000;padding:2px;"></td>
<td style="border:2px solid #000000;padding:2px;"></td>
<td style="border:2px solid #000000;padding:2px;"></td>
<td style="border:2px solid #000000;padding:2px;"></td>
<td style="border:2px solid #000000;padding:2px;">Develop and implement IS-IM improvement recommendations</td>
</tr>
</tbody>
</table>
<p>View the full table and slides <a href="http://www.cisoplatform.com/profiles/blogs/incident-response-validation-containment-forensics" target="_blank">here</a>.</p>
<p>( Read More: <a href="http://www.cisoplatform.com/profiles/blogs/incident-response-how-to-respond-to-security-breach-first-24-hour">Incident Response: How To Respond To A Security Breach During First 24 Hours (Checklist)</a> )</p>
</div>Security Automation Simplified via NIST OSCAL: We’re Not in Kansas Anymorehttps://www.cisoplatform.com/profiles/blogs/security-automation-simplified-via-nist-oscal-we-re-not-in-kansas2018-06-18T05:30:00.000Z2018-06-18T05:30:00.000ZKuladeep Tummalahttps://www.cisoplatform.com/members/KuladeepTummala<div><p><span>COBIT, ISO/IEC 27001, NIST 800-53, PCI, oh my. The path to compliance is not a yellow brick road. IT professionals face a variety of security standards that they must meet simultaneously. This talk presents the NIST Open Security Controls Assessment Language (OSCAL) project as a way to standardize control, implementation and assessment information using an open, machine-readable format.</span></p>
<p><span>Learning Objectives:</span></p>
<ol>
<li>Understand how to leverage automation to secure systems against multiple standards.</li>
<li>Learn how OSCAL is designed and how it can be used.</li>
<li>Discover how you can be a part of developing this new standard of standards.</li>
</ol>
<p><span style="font-size:14pt;"><strong>Speakers: Anil Karmel, David Waltermire</strong></span></p>
<p><span>Anil Karmel is the Co-Founder and CEO of C2 Labs, a company that partners with organizations on their digital transformation journey, from designing and implementing IT Strategic Plans to rationalizing application portfolios and cutting-edge R&D, allowing IT to take back control by leveraging its forward-leaning products and services. Formerly, Karmel served as the National Nuclear Security Administration’s (NNSA) Deputy Chief Technology Officer. Within NNSA, Karmel served as the Chief Architect and Implementation Lead for a range of enterprise information technology solutions. Karmel and his team garnered industry and government accolades, including the SANS National Cybersecurity Innovators Award, InformationWeek 500 Top Government IT Innovators and the DOE Secretary’s Achievement Award.</span></p>
<p><span>David Waltermire is the Lead Standards Architect for the Security Automation Program at the National Institute of Standards and Technology. He is a significant contributor to the National Vulnerability Database (NVD), Security Content Automation Protocol (SCAP), Continuous Monitoring and other security automation projects. He has worked as a Security Consultant advancing security automation capabilities within the government sector. His background is in systems and network operations for Internet service providers and in working as a Software Engineer designing and developing distributed systems. His research experience includes incident handling, continuous monitoring, vulnerability identification, anomaly detection, and data analysis and modelling techniques.</span></p>
<p><span style="font-size:14pt;"><strong>Detailed Presentation:</strong></span></p>
<p><iframe src="//www.slideshare.net/slideshow/embed_code/key/NPn7ZuUYsgY5Q7" width="595" height="485" frameborder="0" allowfullscreen=""></iframe></p>
<div style="margin-bottom:5px;"><strong><a href="//www.slideshare.net/cisoplatform7/security-automation-simplified-via-nist-oscal-were-not-in-kansas-anymore" title="Security Automation Simplified via NIST OSCAL: We’re Not in Kansas Anymore" target="_blank">Security Automation Simplified via NIST OSCAL: We’re Not in Kansas Anymore</a></strong> from <strong><a href="https://www.slideshare.net/cisoplatform7" target="_blank">Priyanka Aash</a></strong></div>
<div style="margin-bottom:5px;"><strong>(Source: RSA Conference USA 2018)</strong></div></div>