first stage pptx.pptx
Uploaded by RefreshedRabbit
The Preventive stage deploys preventive measures against possible cyber-risks and incidents by installing and configuring ICT assets.

The Enforcement stage enforces security measures and policies prepared in the Preventive stage. Routine operations during peacetime fall into this stage.

The Detection stage detects cybersecurity incidents and risks. Upon detection, it triggers Responsive stage operations.

The Responsive stage handles detected incidents and risks and collaborates with external entities when needed.

For each of the stages, activities are defined and a cybersecurity operation activity model is built, as shown in the following figures at each activity.

Activities in Preventive Stage

Activities in this stage deploy preventive measures against potential cyber-risks and incidents.

1. Secure Infrastructure Provisioning

This activity equips and maintains ICT infrastructure with security provisions so that the system may function effectively, efficiently, and securely. This is achieved by running the following sub-activities.

Software and Hardware Development is for developing software and hardware by designing, implementing, testing, and maintaining them. Creating and installing software patches are also included here. For instance, developing enterprise resource planning (ERP) software requires a review of proper security considerations. Bugs need to be cleared and exception handling should be meticulously implemented.

System Integration is for integrating hardware and software so that they can work effectively, efficiently, and securely. For instance, an organization may integrate a new system, with new hardware and software, with a conventional system. This requires meticulous design, configuration, and thorough testing.
Recently, a great many vulnerabilities have been created by poor integration skills rather than by security flaws of individual software components.

Network Integration is for integrating network components and building effective, efficient, and secure networks. The system may be integrated with a router, switch, and security appliances such as a firewall and IPS/IDS. This may also involve deploying security zoning, be it either physically or logically. Proper installation and configuration are needed. Note that though this paper describes Secure System Integration and Secure Network Integration separately, they need to be carried out in collaboration to maintain cybersecurity; otherwise they push responsibilities onto each other, which leads to vulnerabilities.

Service Subscription is for subscribing to appropriate external services, e.g., from internet service providers (ISPs), application service providers (ASPs), and cloud service providers (CSPs), so that the system may function effectively, efficiently, and securely. An organization needs to choose proper subscriptions for data center services. For instance, laws applicable to data in a data center may differ depending on the data center's location, thus proper subscription and configuration are needed for maintaining the security level. Proper management of users' subscriptions to external services is also needed. For instance, one user may subscribe to a service while another does not, or users may use only domestic cloud services.

Note that the above activities cover a wide range of sub-activities, and thus could be regarded as independent from cybersecurity operations, though they are partly overlapping.

2. Security Policy Design

This activity identifies security policies, manually or automatically, and implements them in the system. Traffic filtering rules, including blacklists, packet filtering policies, and content access policies, may be established and implemented in the system.
The rules may be defined based on manual configuration. They can also be identified automatically by using policy-mining technologies that study users' system usage and identify proper security policies. Many IDS/IPS products already implement this automatic policy identification option.

3. Measurement Design

This activity establishes measurement schemes, including logging and packet monitoring. For instance, the target and format of logging are defined. Apart from that, an integrity check list may be built, which is useful for reviewing compliance with the security policy defined by Security Policy Design. Criteria may also be provided for judging anomalies.

4. Cybersecurity Diagnosis

This activity diagnoses cybersecurity risks within systems by conducting tests and assessments. It is usually run throughout the system development lifecycle, thus is often run by Infrastructure Provisioning. It includes the following sub-activities.

Source Code Review is for checking whether software contains vulnerabilities; i.e., white box tests. Based on known vulnerability patterns of the programming language, the code is checked for similar patterns, and source code with potential risks of, for instance, buffer overflow and vulnerability to injection attacks is identified.

Integrity Check is for checking the integrity of an ICT system against a predefined security policy. For instance, individual users may wish to customize their systems, and this activity comprehensively investigates that customization. Checks are made on whether the password length is long enough as defined in the security

Penetration Test is for attempting to penetrate a system and checking systems for the presence of security risks. In doing this, the difficulty of intruding needs to be demonstrated. This activity may use vulnerability scanning tools.

Abuse and Stress Test is for checking whether a system has sufficient resistance against abuses and excessive burdens.
To check resistance against Distributed Denial of Service (DDoS), spam, etc., the tester imposes an excessive network burden on a network. The system must verify the strength of its planned resistance against such attacks.

Vulnerability Enumeration is for investigating a system to find vulnerabilities, which can be done by external security service providers as a service. For instance, this activity scans ICT systems to detect vulnerabilities by utilizing past know-how and vulnerability information, such as vulnerability notes, and warning information as well as

5. Cybersecurity Assessment

This activity assesses a system's cybersecurity status based on the vulnerability information provided by Cybersecurity Diagnosis and the internal audit report. It may score the cybersecurity status considering the vulnerability level and information confidentiality.

6. Business Scheme Design

This activity designs business schemes needed to handle security incidents and includes the following sub-activities.

Contract Building is for building contracts that compensate for possible losses caused by cybersecurity incidents. For instance, an organization may create a contract for subcontractors defining monetary compensation for confidential information leakage, which serves as a deterrent.

Compliance Building is for building compliance that regulates the usage of ICT assets. For instance, an

Capability Building is for building the cybersecurity handling capability inside an organization. This activity may include establishing an incident response team or system administration department. Team-building inside these organizations is also included in the activity.

7. User Cultivation

This activity cultivates users and increases the awareness, knowledge, and skills of users and includes the following sub-activities.

Cybersecurity Education is for educating users on using the system properly.
Users are taught, for instance, the functionality of various ICT assets, their appropriate usage, and troubleshooting techniques.

Practice and Exercise is for training users to use the system properly. Users are given exercises so that they can put the knowledge learned from Cybersecurity Education into practice when needed. As an exercise, an

Boosting Awareness is for boosting awareness of cybersecurity. It may involve publicizing via posters, flyers, brochures, and other media to increase awareness of the importance of cybersecurity and the threat of security incidents.
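
The Integrity Check sub-activity and the integrity check list built in Measurement Design, sketched as an added example that is not part of the original slides: each host's settings are compared with a predefined check list, and the violations are scored in the spirit of Cybersecurity Assessment. The check items, the severity and confidentiality scales, the scoring formula and the host data are all constructed assumptions.

```python
from typing import Any, Callable, NamedTuple

class CheckItem(NamedTuple):
    key: str                    # setting inspected on the host
    ok: Callable[[Any], bool]   # what the security policy requires of that setting
    severity: int               # assumed scale: 1 (low) to 3 (high)

# Constructed check list, as Measurement Design would derive it from the policy.
CHECKLIST = [
    CheckItem("min_password_length", lambda v: type(v) is int and v >= 12, 3),
    CheckItem("logging_enabled", lambda v: v is True, 2),
    CheckItem("log_format", lambda v: v == "json", 1),
    CheckItem("firewall_default", lambda v: v == "deny", 3),
]

def integrity_check(config: dict) -> list[CheckItem]:
    """Return the violated items; a setting that is missing counts as a violation."""
    return [item for item in CHECKLIST if not item.ok(config.get(item.key))]

def assess(config: dict, confidentiality: int) -> int:
    """Assumed score: sum of violated severities times confidentiality (1 to 3)."""
    return confidentiality * sum(item.severity for item in integrity_check(config))

# Constructed inventory: (settings, confidentiality of the data the host holds).
HOSTS = {
    "ws-017": ({"min_password_length": 6, "logging_enabled": True,
                "log_format": "json", "firewall_default": "deny"}, 1),
    "db-01": ({"min_password_length": 14, "logging_enabled": False,
               "firewall_default": "allow"}, 3),
}

def report() -> dict:
    """Map each host to (score, names of the settings that violate the policy)."""
    return {name: (assess(cfg, conf), [i.key for i in integrity_check(cfg)])
            for name, (cfg, conf) in HOSTS.items()}

if __name__ == "__main__":
    # Highest score first, so the riskiest host is reviewed first.
    for host, (score, failed) in sorted(report().items(), key=lambda kv: -kv[1][0]):
        print(f"{host}: score={score} violations={failed}")
```

The user-customized workstation fails only the password-length item, while the database server scores higher because it holds more confidential data and also lacks a logging format setting entirely.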