Infrastructure Security in the Real World PDF

Summary

This document discusses infrastructure security in the real world, focusing on the NIST Cybersecurity Framework. It covers understanding the framework, its functions, and relevant cybersecurity scenarios.

Full Transcript


Infrastructure Security in the Real World

In this chapter, you'll learn to:
✓ Understand the relevance of infrastructure security
✓ Describe the functions, categories, subcategories, and reference structure of the NIST Cybersecurity Framework
✓ Apply the NIST Framework references to specific cybersecurity scenarios

NIST Security Framework

This framework was developed by the U.S. National Institute of Standards and Technology to provide cybersecurity guidelines for Improving Critical Infrastructure Cybersecurity (under Executive Order 13636). The Framework provides a common language for understanding, managing, and expressing cybersecurity risk both internally and externally. The ultimate goal of this initiative is to provide guidelines for the nation's critical infrastructure in business, industry, and utility organizations to reduce their cybersecurity risks. Different types of entities can use the Framework for different purposes, including the creation of common Profiles.

9/17/2024 2 ITCY401 - By Instructor : Dr. Ali Zolait

NIST Security Framework – cont.

The Framework Core provides a set of activities to achieve specific cybersecurity outcomes, and references examples of guidance to achieve those outcomes.
✓ The Core is not a checklist of actions to perform.
✓ It presents key cybersecurity outcomes identified by industry as helpful in managing cybersecurity risk.
✓ The Core comprises four elements: Functions, Categories, Subcategories, and Informative References, as depicted in the Framework Core Structure figure (Source: NIST).

The Electrical Substation Infrastructure Security Scenario 1

You are in charge of planning and implementing a security system for a new electrical substation that will be built next to a new housing development. The substation is equipped with high-voltage electrical switching gear for the surrounding community. It is not manned on a full-time basis but does have a control building that houses instrumentation and communication equipment, as shown in Figure 1.1.

Risk Assessment 1

From the information provided in this first scenario, consider the National Institute of Standards and Technology (NIST) functions and record your observations as they relate to each category.

Understanding NIST References

NIST references the function, the category, and the subcategory.

Identify Function
✓ Create an inventory of physical assets (devices and systems) within the substation (NIST ID.AM-1).
✓ The Identify Function assists in developing an organizational understanding of managing cybersecurity risk to systems, people, assets, data, and capabilities.
Example Outcomes:
– Identifying physical and software assets to establish an Asset Management program
– Identifying cybersecurity policies to define a Governance program
– Identifying a Risk Management Strategy for the organization

Protect Function
✓ Describe in general how you might go about protecting the physical assets identified in the previous point (NIST PR.AC-2).
✓ The Protect Function supports the ability to limit or contain the impact of potential cybersecurity events and outlines safeguards for delivery of critical services.

Protect Function – cont.
Example Outcomes:
– Establishing Data Security protection to protect the confidentiality, integrity, and availability
– Managing Protective Technology to ensure the security and resilience of systems and assets
– Empowering staff within the organization through Awareness and Training
Examples of outcome Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.

Detect Function
✓ How would you know if someone or something was attempting to access, disable, degrade, or destroy one or more of the devices and/or systems in the substation? How could you detect anomalies and events that might impact the operation of the substation (NIST DE.CM-2, 8)?
✓ The Detect Function defines the appropriate activities to identify the occurrence of a cybersecurity event in a timely manner.
Example Outcomes:
– Implementing Security Continuous Monitoring capabilities to monitor cybersecurity events
– Ensuring Anomalies and Events are detected, and their potential impact is understood
– Verifying the effectiveness of protective measures
Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes.

Respond Function
✓ How would you need to respond to the anomalies and events you've identified through the devices, systems, and steps you would implement in the previous point (NIST RS.AN-1, 2, 3)?
✓ The Respond Function includes appropriate activities to take action regarding a detected cybersecurity incident to minimize impact.
Example Outcomes:
– Ensuring Response Planning processes are executed during and after an incident
– Managing Communications during and after an event
– Analyzing effectiveness of response activities
Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements.

The Recover Function
✓ What steps could be put in place to recover from actions intended to access, disable, degrade, or destroy the assets you've identified (NIST RC.RP-1)?
✓ The Recover Function identifies appropriate activities to maintain plans for resilience and to restore services impaired during cybersecurity incidents.
Example Outcomes:
– Ensuring the organization implements Recovery Planning processes and procedures
– Implementing improvements based on lessons learned
– Coordinating communications during recovery activities
Examples of outcome Categories within this Function include: Recovery Planning; Improvements; and Communications.

Identify – ID.AM: Asset Management (Framework Subcategories)
Create an inventory of physical assets (devices and systems) within the organization (NIST ID.AM-1).
– ID.AM-1: Physical devices and systems within the organization are inventoried
Create an inventory of cyber assets (software platforms and applications) within the organization (NIST ID.AM-2).
– ID.AM-2: Software platforms and applications within the organization are inventoried

Identify – ID.BE: Business Environment (Framework Subcategories)
Prioritize the organization's assets based on their criticality or value to the business functions of the organization (NIST ID.BE-3).
– ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated
Identify any assets that produce dependencies or provide critical functions for any of the organization's critical services (NIST ID.BE-4).
– ID.BE-4: Dependencies and critical functions for delivery of critical services are established

Identify – ID.RA: Risk Assessment (Framework Subcategories)
Create a risk assessment of asset vulnerabilities identified (NIST ID.RA-1, 3).
– ID.RA-1: Asset vulnerabilities are identified and documented
– ID.RA-2: Cyber threat intelligence is received from information sharing forums and sources
– ID.RA-3: Threats, both internal and external, are identified and documented

Protect – PR.AC: Protect Access (Framework Subcategories)
Create a policy for managing access to authorized devices and resources based on the following items (NIST PR.AC-1).
– PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes
Create a method for controlling physical access to secured assets (NIST PR.AC-2).
– PR.AC-2: Physical access to assets is managed and protected

Protect – PR.AT: Awareness and Training (Framework Subcategories)
Create an action plan for informing and training general employees (NIST PR.AT-1).
– PR.AT-1: All users are informed and trained
Create a plan for helping privileged users to understand their job roles and responsibilities (NIST PR.AT-2).
– PR.AT-2: Privileged users understand their roles and responsibilities

Detect – DE.CM: Security Continuous Monitoring (Framework Subcategories)
Which types of systems must be in place to identify occurrences of physical security breaches (NIST DE.CM-2)?
– DE.CM-2: The physical environment is monitored to detect potential cybersecurity events
Which types of systems must be in place to monitor personnel activity to detect potential cybersecurity threats (NIST DE.CM-3)?
– DE.CM-3: Personnel activity is monitored to detect potential cybersecurity events

Recover – RC.RP: Recovery Planning; RC.CO: Communications (Framework Subcategories)
Which type of recovery plan might be needed for general physical security breaches that occur at one of the cubicles in the facility (NIST RC.RP-1)?
– RC.RP-1: Recovery plan is executed during or after a cybersecurity incident
Which items might a recovery plan include if server security is breached at the facility (NIST RC.CO-1, 2)?
– RC.CO-1: Public relations are managed
– RC.CO-2: Reputation is repaired after an incident

Respond – RS.AN: Analysis; RS.CO: Communications (Framework Subcategories)
Which type of response plan might be necessary when general physical security is breached at the facility (NIST RS.AN-1, 2, 3)?
– RS.AN-1: Notifications from detection systems are investigated
– RS.AN-2: The impact of the incident is understood
– RS.AN-3: Forensics are performed
Consider the information kept on the company's servers. Which type of response plan might be necessary when physical security is breached in the server room (NIST RS.CO-4, 5)?
– RS.CO-4: Coordination with stakeholders occurs consistent with response plans
– RS.CO-5: Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness

Recover (Framework Subcategories)
Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
RC.CO: Communications – Restoration activities are coordinated with internal and external parties (e.g. coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors).
– RC.CO-3: Recovery activities are communicated to internal and external stakeholders
RC.IM: Improvements – Recovery planning and processes are improved by incorporating lessons learned into future activities.
– RC.IM-2: Recovery strategies are updated
RC.RP: Recovery Planning – Recovery processes and procedures are executed and maintained to ensure restoration of systems or assets affected by cybersecurity incidents.
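As an added example (not part of the slides), the script below models the Core's Function, Category and Subcategory structure for the subcategories quoted above, expands the slides' shorthand references such as "NIST DE.CM-2, 8" into fully qualified IDs, and groups observations about the substation scenario into a profile. The CORE table is a subset and the substation observations are constructed; an ID cited on a slide but missing from the table (DE.CM-8 here) is reported rather than silently dropped.

```python
import re

# Subset of the NIST CSF 1.1 Core quoted on these slides: ID -> (Function, Category, outcome).
CORE = {
    "ID.AM-1": ("Identify", "Asset Management", "Physical devices and systems within the organization are inventoried"),
    "PR.AC-2": ("Protect", "Access Control", "Physical access to assets is managed and protected"),
    "DE.CM-2": ("Detect", "Security Continuous Monitoring", "The physical environment is monitored to detect potential cybersecurity events"),
    "RS.AN-1": ("Respond", "Analysis", "Notifications from detection systems are investigated"),
    "RS.AN-2": ("Respond", "Analysis", "The impact of the incident is understood"),
    "RS.AN-3": ("Respond", "Analysis", "Forensics are performed"),
    "RC.RP-1": ("Recover", "Recovery Planning", "Recovery plan is executed during or after a cybersecurity incident"),
}
# Slides' shorthand "NIST DE.CM-2, 8": one full ID, then bare numbers sharing its prefix;
# the optional space after the dot tolerates the slides' "ID. BE-3".
REF_RE = re.compile(r"\b([A-Z]{2})\.\s?([A-Z]{2})-(\d+)((?:\s*,\s*\d+)*)")

def expand_refs(text):
    """Expand shorthand references into fully qualified subcategory IDs."""
    ids = []
    for func, cat, first, rest in REF_RE.findall(text):
        prefix = f"{func}.{cat}-"
        ids.append(prefix + first)
        ids.extend(prefix + n for n in re.findall(r"\d+", rest))
    return ids

def build_profile(observations):
    """Group (note, reference) pairs by Function; return (profile, unknown_ids)."""
    profile, unknown = {}, []
    for note, ref in observations:
        for sub_id in expand_refs(ref):
            if sub_id not in CORE:
                unknown.append(sub_id)  # cited on a slide but absent from CORE: report it
                continue
            func, cat, outcome = CORE[sub_id]
            profile.setdefault(func, []).append((sub_id, cat, outcome, note))
    return profile, unknown

# Constructed observations for the substation scenario (sample input, not from the slides).
SUBSTATION = [
    ("Inventory switchgear, RTUs and control-building comms gear", "NIST ID.AM-1"),
    ("Badge-controlled door on the unmanned control building", "NIST PR.AC-2"),
    ("Door contacts and cameras alarm to the operations centre", "NIST DE.CM-2, 8"),
    ("Investigate alarms, assess impact, preserve logs", "NIST RS.AN-1, 2, 3"),
    ("Restore from spare RTU and last-known-good config", "NIST RC.RP-1"),
]

if __name__ == "__main__":
    profile, unknown = build_profile(SUBSTATION)
    for func, rows in profile.items():
        for sub_id, cat, outcome, note in rows:
            print(f"{func:8} {sub_id}  {cat}: {outcome}  <- {note}")
    print("cited but not in CORE table:", unknown)
```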
