PROTECTION CONTROLS COMPILED UNDER NIST CYBER SECURITY FRAMEWORK
For many years defense standards emphasized the issue of "defending the organization", namely, preventing a penetration of the organization and its cyber assets. The current reality is different – organizations of all sizes are attacked, but these attacked only are detected, if at all, after a long time. Therefore, the American National Institute of Standards and Technology (NIST) devised a Framework for Improving Critical Infrastructure Cyber Security, investing both in the traditional preparation and protection phases as well as in the detection, containment, and recovery from cyber-attacks. The present Defense Methodology adopts the NIST Cyber Security Framework, binding together clusters of defense controls. Within this framework the organization is defended from attack, while its capabilities to detect a successful attack, contain it, and recover with minimum impact are augmented. These controls are based on international knowledge, adjusted for the Israeli economy, including emphases and examples to assist organizations in focusing their efforts more effectively.
IDENTIFY
Control Cluster:
- Board and Management responsibility
- Risk assessment and management
- Control, review, compatibility
PROTECT
Control Cluster:
- Access control
- Data defense
- Defending servers and workstations
- Preventing malicious code
- Encryption
- Network security
- Environment separation
- Cloud security
- Industrial controls defense
- Cellular security
- Change management
- Media security
- Supply chain and outsourcing security
- Purchase and development security
- Human resources and employee awareness
- Seminar
DETECT
Control Cluster:
- Documentation and monitoring
- Security controls reviews
- Proactive Cyber-Defense
RESPOND
Control Cluster:
- Event exercising
- Event management
RECOVER
Control Cluster:
- Business Continuity
From CYBER DEFENSE METHODOLOGY FOR AN ORGANIZATION VER. 1.0
Prime Minister's Office
National Cyber Directorate
National Cyber Security Authority