Forum

Notifications
Clear all

PROTECTION CONTROLS

1 Posts
1 Users
0 Reactions
2,888 Views
Posts: 108
Topic starter
(@taichi)
Member
Joined: 5 years ago

PROTECTION CONTROLS COMPILED UNDER NIST CYBER SECURITY FRAMEWORK

 

For many years defense standards emphasized the issue of "defending the organization", namely, preventing a penetration of the organization and its cyber assets. The current reality is different – organizations of all sizes are attacked, but these attacked only are detected, if at all, after a long time. Therefore, the American National Institute of Standards and Technology (NIST) devised a Framework for Improving Critical Infrastructure Cyber Security, investing both in the traditional preparation and protection phases as well as in the detection, containment, and recovery from cyber-attacks. The present Defense Methodology adopts the NIST Cyber Security Framework, binding together clusters of defense controls. Within this framework the organization is defended from attack, while its capabilities to detect a successful attack, contain it, and recover with minimum impact are augmented. These controls are based on international knowledge, adjusted for the Israeli economy, including emphases and examples to assist organizations in focusing their efforts more effectively.

 

IDENTIFY
Control Cluster:
- Board and Management responsibility
- Risk assessment and management
- Control, review, compatibility

 

PROTECT
Control Cluster:
- Access control
- Data defense
- Defending servers and workstations
- Preventing malicious code
- Encryption
- Network security
- Environment separation
- Cloud security
- Industrial controls defense
- Cellular security
- Change management

- Media security
- Supply chain and outsourcing security
- Purchase and development security
- Human resources and employee awareness
- Seminar

 

DETECT
Control Cluster:
- Documentation and monitoring
- Security controls reviews
- Proactive Cyber-Defense

 

RESPOND
Control Cluster:
- Event exercising
- Event management

 

RECOVER
Control Cluster:
- Business Continuity

 

From CYBER DEFENSE METHODOLOGY FOR AN ORGANIZATION VER. 1.0

Prime Minister's Office

National Cyber Directorate

National Cyber Security Authority

Share: