Network Section, Computer Science Faculty,
Bakhter University,
Ministry of Higher Education of Afghanistan
Title: Managing an Enterprise Cybersecurity Program
Prepared by: Eng. Abdulkhalid Murady
Lecturer: Islahuddin Jalal
Early Morning
12/26/2017 1
Introduction
• This chapter describes how enterprises can use iterative assessments and
prioritization to select, plan, resource and execute progressive improvements
to their cybersecurity posture.
• Cybersecurity program management uses all of the management tools described
in this chapter:
1. A framework for managing a cybersecurity program
2. A quantitative method for assessing the program and identifying strengths
and weaknesses
3. Ongoing operation and cycles of improvement
Enterprise cybersecurity program management:
• Cybersecurity program management ties risk management, control management,
deficiency tracking, process improvement and measurement into a single
overarching programmatic cycle.
• The figure of the enterprise cybersecurity program management process (not
reproduced here) shows an ongoing cycle of assessing threats and risks, making
progressive improvements to mitigate them, and collecting metrics from security
operations.
Cybersecurity program
Step 1: Assess assets, threats and risks:
• All enterprise assets, threats and risks, and the IT systems that hold the
assets, are assessed to determine what an attacker could accomplish: breaching
confidentiality, compromising integrity or disrupting availability.
• A well-defined security scope simplifies defense by focusing measures on what
the scope actually needs, rather than trying to protect everything from every
possible threat at once.
• This step's output is an understanding of the enterprise assets to be
protected and the threats against those assets.
• Assets may include all data and information; the assessment also considers
how attackers might target them.
• Protection should be economical: enough to achieve the desired level, and no
more.
Step 2: Identify security scopes
• Group the enterprise's assets, threats and risks into security scopes for
protection.
• Cybersecurity capabilities are then applied per security scope; many scopes
may share the same capabilities, with the right level of capability and the
right people in the right place.
• Additionally, security scopes are useful in identifying regulated data and
systems, and ensuring regulations are adhered to in a practical and economical
fashion.
• Two challenges occur when using scope boundaries to compartmentalize
security:
– First, the enterprise must keep track of which policies, rules and controls
apply to which scope, which potentially increases complexity (solution: keep the
number of scopes small).
– Second, some systems cross scope boundaries, such as data interconnects and
systems administration consoles (solution: make sure these interconnections do
not become security vulnerabilities). For example, administrative accounts
should not be used for web browsing or e-mail, which would hand their
permissions to an attacker.
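The boundary-crossing check above can be automated. The following is an added example, not code from the slides or from the program described in them: it scans constructed proxy log lines for privileged accounts reaching hosts outside an internal allow-list. The log format, the "adm-"/"da-" naming convention for privileged accounts, the allow-list and the sample lines are all assumptions made for this example.

```python
"""Added example, not code from the slides.  It checks the boundary-crossing
risk named in Step 2: privileged (administrative) accounts showing up in web
or e-mail traffic, which would expose their permissions to an attacker.

The proxy log format, the "adm-"/"da-" naming convention for privileged
accounts, the internal allow-list and the log lines themselves are all
constructed assumptions for this example.
"""
import re
from collections import defaultdict

# Constructed proxy log: "<time> <user> <method> <host> <status>"
SAMPLE_PROXY_LOG = """\
2017-12-26T08:01:12Z alice GET intranet.example.local 200
2017-12-26T08:02:40Z adm-bob GET mail.example.com 200
2017-12-26T08:03:05Z carol POST webmail.example.com 302
2017-12-26T08:05:59Z adm-bob GET news.example.org 200
2017-12-26T08:07:13Z svc-backup GET updates.example.local 200
this line is not a log record
2017-12-26T08:09:48Z da-eve GET updates.example.local 200
2017-12-26T08:11:30Z da-eve CONNECT cdn.example.net 200
"""

PRIVILEGED = re.compile(r"^(adm|da)-")             # assumed naming convention
INTERNAL_ALLOWED = {"intranet.example.local", "updates.example.local"}
LINE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT|DELETE|CONNECT) (\S+) (\d{3})$")


def parse_line(line):
    """One record dict per well-formed line, None for anything else."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts, user, method, host, status = m.groups()
    return {"ts": ts, "user": user, "method": method, "host": host, "status": int(status)}


def privileged_web_use(log_text):
    """Return ({account: [hosts reached outside the internal allow-list]},
    number of unparseable lines).  A hit means an administrative account was
    used in the user scope, the very crossing Step 2 warns about."""
    hits, bad = defaultdict(list), 0
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            bad += 1          # count rather than silently drop malformed input
            continue
        if PRIVILEGED.match(rec["user"]) and rec["host"] not in INTERNAL_ALLOWED:
            hits[rec["user"]].append(rec["host"])
    return dict(hits), bad


if __name__ == "__main__":
    findings, malformed = privileged_web_use(SAMPLE_PROXY_LOG)
    for account, hosts in findings.items():
        print(f"{account}: {len(hosts)} request(s) outside the admin scope: {hosts}")
    print(f"{malformed} malformed line(s) skipped")
```

On the sample above, adm-bob is flagged for two external hosts and da-eve for one, while da-eve's request to an allow-listed management host is not; svc-backup is not matched because it does not follow the assumed privileged naming convention, which is exactly the kind of gap a real deployment would close by taking the privileged-account list from the directory rather than from a name pattern.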
• Step 3: Assess risk mitigations, capabilities by functional area, and
security operations:
• With the assets, threats and risks within the security scope understood, the
next step is to assess the security of the scope. Capabilities are assessed in
11 functional areas.
• For risk mitigations, the enterprise uses the attack sequence to evaluate its
ability to disrupt, detect, delay and defeat attacks against its assets,
assesses each attack scenario, and gathers the results together. For security
operations, it evaluates 17 security operational processes and its ability to
perform them in operating its cybersecurity systems. The enterprise scores
each area; the scores are then aggregated and compared for evaluation and
further analysis of the security scope.
• The result shows whether the security scope is adequately or inadequately
protected (inadequately meaning that specific activities can be implemented to
reach a stated improvement goal or target assessment score).
Step 4: Identify target security levels
• With an idea of the assets, threats, risks and effective security in each
scope, the next programmatic goal is to use the risk assessment methodology to
identify the target security levels and understand whether the scope's current
security is adequate, inadequate, or even excessive.
• Various parts of the business require different preventive, detective,
forensic and audit controls.
• Security scopes help prioritize limited cybersecurity resources where they
deliver the greatest enterprise benefit.
• Security scopes also simplify the cybersecurity process by reducing the
attack surface of vulnerable systems and increasing cybersecurity's ability to
succeed through that simplicity.
• This step involves identifying threats, risks and a target security level.
• The identified security level represents the business tolerance for
potential compromise within the scope.
• The security level balances the different threats against the business
desire for flexibility and unobtrusive security that does not impede business
agility; different parts of the business require different levels of
protection.
• The security infrastructure itself requires the greatest protection, because
it protects the rest of the enterprise.
Step 5: Identify deficient areas
• Once the security scope, the actual security in the scope, and the target
security levels are identified, the next step is to identify which areas are
deficient and require improvement compared to the targets. Identifying
deficiencies produces one of the following results:
1. The target security levels may be too high or too low
– In this situation, when the enterprise considers what additional security
capabilities might be necessary and finds that a different security posture is
required, the target security level can be adjusted up or down and the
evaluation reconsidered.
2. During the assessment, some functional areas are likely to stand out as
considerably weaker than the others. Prioritize the weak areas for
improvement, since weaker areas provide the gaps an attacker will exploit.
3. Once the deficient functional areas are addressed, the next improvement
phase brings all areas up to the target level of security. This phase often
involves a comprehensive effort to improve risk mitigations, security
capabilities and security operations.
Step 6: Prioritize remediation and improvements
• Once the security posture of the enterprise and the requirement for each
scope are defined, the next step is to prioritize remediation and improvement
efforts. Prioritization considers the following factors:
1. Bringing deficient functional areas up to target levels of security
2. Improvements that rely on other improvements as prerequisites
3. Availability and skill levels of available staff and contractors
4. Costs of improvements
The goal is to address the deficient enterprise cybersecurity functional areas
first, then bring all functional areas up to the target cybersecurity level in
a balanced manner.
Improvements should be grouped into the following categories:
– Immediate (highest priority)
– This Year (once the needs have been identified)
– Next Year (once prerequisites are satisfied and management review and
approval of the budget are complete)
– Future (lowest priority; once staff are in place and budget and project
needs have been obtained)
Within these categories, improvements are subdivided by priority. Grouping the
priorities this way aligns cybersecurity priorities with the organization's
financial cycle, so that resources can be assigned and the work scheduled and
executed.
Step 7: Resource and execute improvements:
Once improvements are prioritized, the enterprise can begin resourcing and
executing them. Resourcing is conducted in parallel for each category of
improvements:
– Immediate: cybersecurity leadership starts the work and oversees it.
– This Year: leadership organizes resources, prioritizes the work and prepares
the prerequisites; the improvement begins in the same year.
– Next Year and Future: leadership plans the start of the work and considers
the budget for the coming year's work.
Step 8: Collect operational metrics:
As the enterprise executes its improvements and operates its security program,
the next step is to collect metrics from cybersecurity operations. The metrics
cover all functional areas and measure signs of security incidents or
indicators of attacker activity that show the presence of anticipated threats.
They show where threats are coming from and what the result could be if the
threats are not stopped before they succeed.
For example, tracking and trending threats could show that a million scans
this month are an increase from only ten thousand the previous month. Security
takes on a whole new urgency when enterprise leadership has a mental picture of
attackers waiting to pounce on the slightest mistake or vulnerability.
Step 9: Return to step 1
• After collecting metrics, the cybersecurity program management process
returns to the assessment phase and the cycle repeats. This assess ➤ prioritize
➤ execute ➤ operate cycle should go through a complete iteration multiple times
each year.
• During each cycle, the enterprise updates its threat assessment, takes stock
of completed security improvements, identifies new security improvements to
implement, and lines up future security improvements for execution when
resources become available.
• Improvements move through the categories (Immediate, This Year, Next Year)
from one cycle to the next until they are executed.
• The framework also provides the ability to report on both immediate
activities and the big-picture strategy at any time.
• The strategy helps balance cybersecurity effectively against business needs
in a cost-effective manner.
Assessing security threats:
• Once the enterprise has assessed its assets, threats and risks (step 1) and
defined security scopes to contain those risks (step 2), the next level is to
assess the security posture and status in each scope, and from that the overall
security posture.
• Each scope considers what is to be protected: confidentiality, integrity or
availability.
• The enterprise needs to consider the appropriate balance of preventive,
detective, forensic and audit controls to deliver that protection.
Level of assessing the security status, per security scope:
Cybersecurity program step 3: Assess risk mitigations, capabilities and
security operations:
• 3A: Assessing cybersecurity risk mitigations: What is the effectiveness of
the risk mitigations within the security scope? How able are the risk
mitigations to disrupt the attack sequence of the anticipated attack?
• 3B: Assessing cybersecurity capabilities by functional area: using the Object
Measurement methodology to calculate enterprise cybersecurity program
assessment scores for each functional area.
• 3C: Assessing security operations: considering the utilization and
effectiveness of the 17 security operational processes and the 14 supporting
information systems, again using Object Measurement.
• Step 4: Identify target security levels:
• Identify the target cybersecurity level for the scope, based on the risk
assessment process.
The target cybersecurity level for the scope can be represented as a single
value that applies to the risk mitigations, the functional areas and security
operations.
The figure below (not reproduced here) shows the 11 functional areas:
The enterprise can depict the side-by-side results of its enterprise
cybersecurity program assessment of the risk mitigations, the 11 functional
areas and security operations, along with the target cybersecurity level for
the security scope.
Step 5: Identify deficient areas
Once the scoring is complete and the results plotted or otherwise displayed,
the areas of the cybersecurity program that are most deficient should be
apparent. In this example, the following areas all score 40%:
1. Risk Mitigations (40%)
2. Functional Area: Systems Administration (40%)
3. Functional Area: Identity, Authentication, and Access Management (40%)
4. Functional Area: Incident Response (40%)
5. Functional Area: Asset Management (40%)
6. Security Operations (40%)
Improvements should address the greatest known weaknesses in overall
cybersecurity across the enterprise. Remember, a tenet of the enterprise
cybersecurity architecture in this section is that risk mitigations, functional
areas and security operations are all of approximately equal importance in
delivering overall enterprise cybersecurity.
Step 6: Prioritize remediation and improvements
• Prioritize the remediation and improvement efforts.
• These improvements should bring the following cybersecurity areas up to a
consistent score of approximately 60%: (1) risk mitigations, (2) systems
administration, (3) identity, authentication, and access management,
(4) incident response, (5) asset management and supply chain, and (6) security
operations.
• Phase 1 addresses those deficient areas; phase 2 then brings the remaining
functional areas up to the target level:
• Functional Area: Data Protection and Cryptography
• Functional Area: High Availability, Disaster Recovery, and Physical Protection
• Functional Area: Policy, Audit, E-Discovery, and Training
• These improvements might be accomplished by the following:
• Improving risk mitigations by addressing projected attack sequences
• Improving functional areas by adding security capabilities or improving their
utilization
• Improving security operations by implementing operational processes.
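Steps 3 to 6 above (score each area, set one target for the scope, find the deficient areas, then order and group the improvements) can be worked through in code. The following is an added example, not code from the slides or from the book they summarise: it takes the 40% scores listed under Step 5 with a 60% target, lists the deficient areas, and assigns constructed improvement projects to the Immediate / This Year / Next Year / Future categories while honouring prerequisites, cost and a per-category budget. The scores for the three non-deficient areas, the projects, their costs and the budgets are all assumptions.

```python
"""Added example, not code from the slides or from the book they summarise.

It walks steps 3 to 6 for one security scope: take per-area assessment scores,
compare them with a single target level, list the deficient areas, and group
improvement projects into Immediate / This Year / Next Year / Future while
honouring prerequisites, cost and a per-category budget.  Every score, project,
cost and budget below is constructed for illustration.
"""

# Constructed scores (0-100) for one scope.  The six areas at 40 are the ones
# the slides single out as deficient; the other three are given scores at or
# above the target by assumption.
ASSESSMENT = {
    "Risk Mitigations": 40,
    "Systems Administration": 40,
    "Identity, Authentication, and Access Management": 40,
    "Incident Response": 40,
    "Asset Management and Supply Chain": 40,
    "Security Operations": 40,
    "Data Protection and Cryptography": 70,
    "High Availability, Disaster Recovery, and Physical Protection": 65,
    "Policy, Audit, E-Discovery, and Training": 60,
}
TARGET_LEVEL = 60  # step 4: one target value for the whole scope

# Constructed improvement projects: the area each one lifts, by how many
# points, its cost (arbitrary units) and the projects that must finish first.
PROJECTS = [
    {"name": "Privileged-account separation", "area": "Systems Administration",
     "lift": 20, "cost": 3, "needs": []},
    {"name": "Asset inventory", "area": "Asset Management and Supply Chain",
     "lift": 20, "cost": 2, "needs": []},
    {"name": "Central authentication and MFA",
     "area": "Identity, Authentication, and Access Management",
     "lift": 20, "cost": 5, "needs": ["Asset inventory"]},
    {"name": "IR playbooks and on-call", "area": "Incident Response",
     "lift": 20, "cost": 2, "needs": []},
    {"name": "SOC process rollout", "area": "Security Operations",
     "lift": 20, "cost": 6, "needs": ["Asset inventory", "IR playbooks and on-call"]},
    {"name": "Attack-sequence tabletop", "area": "Risk Mitigations",
     "lift": 20, "cost": 1, "needs": ["IR playbooks and on-call"]},
]

# Constructed budget per category; Future is unbounded.
BUDGETS = {"Immediate": 3, "This Year": 8, "Next Year": 8, "Future": float("inf")}
CATEGORIES = ("Immediate", "This Year", "Next Year", "Future")


def deficient_areas(scores, target):
    """Step 5: (area, gap) pairs for areas below target, largest gap first."""
    gaps = {area: target - s for area, s in scores.items() if s < target}
    return sorted(gaps.items(), key=lambda kv: (-kv[1], kv[0]))


def scope_score(scores):
    """Aggregate a scope into one number.  The slides treat risk mitigations,
    functional areas and security operations as roughly equal, so an unweighted
    mean is used here (assumption)."""
    return round(sum(scores.values()) / len(scores), 1)


def schedule(projects, scores, target, budgets):
    """Step 6: pick, among projects whose prerequisites are done, the one for
    the area with the largest remaining gap (cheapest first on ties), charge it
    to the current category's budget, and spill into the next category when the
    budget runs out.  Returns ({category: [project names]}, projected scores)."""
    scores = dict(scores)
    done, remaining = set(), {p["name"]: p for p in projects}
    plan = {c: [] for c in CATEGORIES}
    idx, left = 0, budgets[CATEGORIES[0]]
    while remaining:
        ready = [p for p in remaining.values() if set(p["needs"]) <= done]
        if not ready:
            raise ValueError("cyclic or unsatisfiable prerequisites")
        ready.sort(key=lambda p: (scores[p["area"]] - target, p["cost"], p["name"]))
        proj = ready[0]
        while proj["cost"] > left and idx < len(CATEGORIES) - 1:
            idx, left = idx + 1, budgets[CATEGORIES[idx + 1]]
        plan[CATEGORIES[idx]].append(proj["name"])
        left -= proj["cost"]
        scores[proj["area"]] = min(100, scores[proj["area"]] + proj["lift"])
        done.add(proj["name"])
        del remaining[proj["name"]]
    return plan, scores


if __name__ == "__main__":
    print("scope score before:", scope_score(ASSESSMENT))
    for area, gap in deficient_areas(ASSESSMENT, TARGET_LEVEL):
        print(f"  deficient: {area} (gap {gap})")
    plan, projected = schedule(PROJECTS, ASSESSMENT, TARGET_LEVEL, BUDGETS)
    for category in CATEGORIES:
        print(f"{category}: {plan[category]}")
    print("scope score after:", scope_score(projected))
```

With these inputs the asset inventory (cheap, no prerequisites) lands in Immediate, the incident-response, attack-sequence and privileged-account projects fill This Year, central authentication waits for Next Year because it depends on the inventory and exceeds what is left of the current budget, and the SOC rollout, the most expensive item with two prerequisites, falls into Future. Every area ends at or above the 60% target, which is the "balanced" end state Step 6 describes; a real program would replace the unweighted mean and the constructed budgets with its own Object Measurement weights and financial cycle.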
Considering types of improvements
• Risk mitigations: disrupting, detecting, delaying and defeating known threats
and their attack sequences.
• Security capabilities: the overall security capabilities address unknown
threats, unanticipated attacks, defender mistakes, and attackers who use new
technologies or innovative approaches.
• Security operations: effective security operations are required to make the
mitigations and capabilities work in repelling attacks on an ongoing basis.
Considering threat scenarios
• What asset would be endangered (for example, credit card numbers that could
be stolen)
• Where the asset resides, and when
• Who has access to the asset
• When and how an attacker might access the asset (for example, at the
operating system, database, application or user account level)
• Attack sequences an attacker would follow to obtain access
• Audit controls to find the attacker's access point, if the scenario occurred
• Forensic controls to log the access, if the access occurred
• Detective controls to alert the enterprise when such access occurred
• Preventive controls to block such access from occurring
When a third party works through these scenarios, the results should be
evaluated to find threat vectors. This type of red-team exercise is useful for
identifying faulty assumptions by enterprise cyber defenders and gaps in cyber
defense thinking that might undermine the overall security posture.
Prioritizing improvement projects
• Tasks have to be prioritized based on value and cost, sequenced based on
dependencies, and ultimately resourced from limited available resources,
subject to internal and external constraints.
• Projects are grouped according to what they deliver:
• They directly thwart anticipated attacks or address known risks, improving
risk mitigations
• They deliver capabilities that improve cybersecurity functional areas
• They strengthen cybersecurity operational processes.
Leadership should consider the following questions related to what it will
take to successfully complete the project:
Updating Priority Lists
Tracking cybersecurity project results:
Because the program assessment scores come from a quantitative method, they are
well suited to tracking results over time and to aggregating results for
functional areas and scopes into combined scores that can themselves be tracked
and reported over time.
Engineer Abdulkhalid Murady
Email: Abdulkhalid Murady
Phone:+93780606753
Applying Lean for information security operations centreApplying Lean for information security operations centre
Applying Lean for information security operations centre
Naushad Rajani. - CISA, CISSP, CCSP, PMP, DCPP (Privacy)
 
Information System Audit and Control
Information System Audit and ControlInformation System Audit and Control
Information System Audit and Control
Asad Raza
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohani
yaseraljohani
 
C2M2 V2.1 Self-Evaluation Workshop Kickoff.pptx
C2M2 V2.1 Self-Evaluation Workshop Kickoff.pptxC2M2 V2.1 Self-Evaluation Workshop Kickoff.pptx
C2M2 V2.1 Self-Evaluation Workshop Kickoff.pptx
ssusere84743
 
Role of the virtual ciso
Role of the virtual cisoRole of the virtual ciso
Role of the virtual ciso
Michael Ball
 
How-To-Guide for Software Security Vulnerability Remediation
How-To-Guide for Software Security Vulnerability RemediationHow-To-Guide for Software Security Vulnerability Remediation
How-To-Guide for Software Security Vulnerability Remediation
Denim Group
 
Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015
Accounting_Whitepapers
 
Security risk management
Security risk managementSecurity risk management
Security risk management
brijesh singh
 
Cmgt 400 Entire Course NEW
Cmgt 400 Entire Course NEWCmgt 400 Entire Course NEW
Cmgt 400 Entire Course NEW
shyamuop
 
CMGT 400 Entire Course NEW
CMGT 400 Entire Course NEWCMGT 400 Entire Course NEW
CMGT 400 Entire Course NEW
shyamuopfive
 
CISSP 8 Domains.pdf
CISSP 8 Domains.pdfCISSP 8 Domains.pdf
CISSP 8 Domains.pdf
dotco
 

Similar to Managing an enterprise cyber security program (20)

Security Maturity Model. Even Cybersecurity Needs to Grow Up [EN].pdf
Security Maturity Model. Even Cybersecurity Needs to Grow Up [EN].pdfSecurity Maturity Model. Even Cybersecurity Needs to Grow Up [EN].pdf
Security Maturity Model. Even Cybersecurity Needs to Grow Up [EN].pdf
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guide
 
Embarking on Your ServiceNow SecOps Journey: A Secure and Efficient Path
Embarking on Your ServiceNow SecOps Journey: A Secure and Efficient PathEmbarking on Your ServiceNow SecOps Journey: A Secure and Efficient Path
Embarking on Your ServiceNow SecOps Journey: A Secure and Efficient Path
 
It Security Audit Process
It Security Audit ProcessIt Security Audit Process
It Security Audit Process
 
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
 
The Demystification of successful cybersecurity initiatives.
The Demystification of successful cybersecurity initiatives.The Demystification of successful cybersecurity initiatives.
The Demystification of successful cybersecurity initiatives.
 
Closing the Gap for Advanced Enterprise Cybersecurity Skills with CompTIA Adv...
Closing the Gap for Advanced Enterprise Cybersecurity Skills with CompTIA Adv...Closing the Gap for Advanced Enterprise Cybersecurity Skills with CompTIA Adv...
Closing the Gap for Advanced Enterprise Cybersecurity Skills with CompTIA Adv...
 
Cyber Security Risk Mitigation Checklist
Cyber Security Risk Mitigation ChecklistCyber Security Risk Mitigation Checklist
Cyber Security Risk Mitigation Checklist
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 
Applying Lean for information security operations centre
Applying Lean for information security operations centreApplying Lean for information security operations centre
Applying Lean for information security operations centre
 
Information System Audit and Control
Information System Audit and ControlInformation System Audit and Control
Information System Audit and Control
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohani
 
C2M2 V2.1 Self-Evaluation Workshop Kickoff.pptx
C2M2 V2.1 Self-Evaluation Workshop Kickoff.pptxC2M2 V2.1 Self-Evaluation Workshop Kickoff.pptx
C2M2 V2.1 Self-Evaluation Workshop Kickoff.pptx
 
Role of the virtual ciso
Role of the virtual cisoRole of the virtual ciso
Role of the virtual ciso
 
How-To-Guide for Software Security Vulnerability Remediation
How-To-Guide for Software Security Vulnerability RemediationHow-To-Guide for Software Security Vulnerability Remediation
How-To-Guide for Software Security Vulnerability Remediation
 
Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015
 
Security risk management
Security risk managementSecurity risk management
Security risk management
 
Cmgt 400 Entire Course NEW
Cmgt 400 Entire Course NEWCmgt 400 Entire Course NEW
Cmgt 400 Entire Course NEW
 
CMGT 400 Entire Course NEW
CMGT 400 Entire Course NEWCMGT 400 Entire Course NEW
CMGT 400 Entire Course NEW
 
CISSP 8 Domains.pdf
CISSP 8 Domains.pdfCISSP 8 Domains.pdf
CISSP 8 Domains.pdf
 

Recently uploaded

Cookies program to display the information though cookie creation
Cookies program to display the information though cookie creationCookies program to display the information though cookie creation
Cookies program to display the information though cookie creation
shanthidl1
 
Recent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS InfrastructureRecent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS Infrastructure
KAMAL CHOUDHARY
 
20240705 QFM024 Irresponsible AI Reading List June 2024
20240705 QFM024 Irresponsible AI Reading List June 202420240705 QFM024 Irresponsible AI Reading List June 2024
20240705 QFM024 Irresponsible AI Reading List June 2024
Matthew Sinclair
 
Comparison Table of DiskWarrior Alternatives.pdf
Comparison Table of DiskWarrior Alternatives.pdfComparison Table of DiskWarrior Alternatives.pdf
Comparison Table of DiskWarrior Alternatives.pdf
Andrey Yasko
 
How to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptxHow to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptx
Adam Dunkels
 
Quality Patents: Patents That Stand the Test of Time
Quality Patents: Patents That Stand the Test of TimeQuality Patents: Patents That Stand the Test of Time
Quality Patents: Patents That Stand the Test of Time
Aurora Consulting
 
20240702 QFM021 Machine Intelligence Reading List June 2024
20240702 QFM021 Machine Intelligence Reading List June 202420240702 QFM021 Machine Intelligence Reading List June 2024
20240702 QFM021 Machine Intelligence Reading List June 2024
Matthew Sinclair
 
Observability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetryObservability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetry
Eric D. Schabell
 
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsScaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Mydbops
 
What’s New in Teams Calling, Meetings and Devices May 2024
What’s New in Teams Calling, Meetings and Devices May 2024What’s New in Teams Calling, Meetings and Devices May 2024
What’s New in Teams Calling, Meetings and Devices May 2024
Stephanie Beckett
 
Advanced Techniques for Cyber Security Analysis and Anomaly Detection
Advanced Techniques for Cyber Security Analysis and Anomaly DetectionAdvanced Techniques for Cyber Security Analysis and Anomaly Detection
Advanced Techniques for Cyber Security Analysis and Anomaly Detection
Bert Blevins
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
ArgaBisma
 
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxRPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
SynapseIndia
 
論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...
論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...
論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...
Toru Tamaki
 
Research Directions for Cross Reality Interfaces
Research Directions for Cross Reality InterfacesResearch Directions for Cross Reality Interfaces
Research Directions for Cross Reality Interfaces
Mark Billinghurst
 
20240702 Présentation Plateforme GenAI.pdf
20240702 Présentation Plateforme GenAI.pdf20240702 Présentation Plateforme GenAI.pdf
20240702 Présentation Plateforme GenAI.pdf
Sally Laouacheria
 
WPRiders Company Presentation Slide Deck
WPRiders Company Presentation Slide DeckWPRiders Company Presentation Slide Deck
WPRiders Company Presentation Slide Deck
Lidia A.
 
Best Programming Language for Civil Engineers
Best Programming Language for Civil EngineersBest Programming Language for Civil Engineers
Best Programming Language for Civil Engineers
Awais Yaseen
 
Transcript: Details of description part II: Describing images in practice - T...
Transcript: Details of description part II: Describing images in practice - T...Transcript: Details of description part II: Describing images in practice - T...
Transcript: Details of description part II: Describing images in practice - T...
BookNet Canada
 
Calgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptxCalgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptx
ishalveerrandhawa1
 

Recently uploaded (20)

Cookies program to display the information though cookie creation
Cookies program to display the information though cookie creationCookies program to display the information though cookie creation
Cookies program to display the information though cookie creation
 
Recent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS InfrastructureRecent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS Infrastructure
 
20240705 QFM024 Irresponsible AI Reading List June 2024
20240705 QFM024 Irresponsible AI Reading List June 202420240705 QFM024 Irresponsible AI Reading List June 2024
20240705 QFM024 Irresponsible AI Reading List June 2024
 
Comparison Table of DiskWarrior Alternatives.pdf
Comparison Table of DiskWarrior Alternatives.pdfComparison Table of DiskWarrior Alternatives.pdf
Comparison Table of DiskWarrior Alternatives.pdf
 
How to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptxHow to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptx
 
Quality Patents: Patents That Stand the Test of Time
Quality Patents: Patents That Stand the Test of TimeQuality Patents: Patents That Stand the Test of Time
Quality Patents: Patents That Stand the Test of Time
 
20240702 QFM021 Machine Intelligence Reading List June 2024
20240702 QFM021 Machine Intelligence Reading List June 202420240702 QFM021 Machine Intelligence Reading List June 2024
20240702 QFM021 Machine Intelligence Reading List June 2024
 
Observability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetryObservability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetry
 
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsScaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
 
What’s New in Teams Calling, Meetings and Devices May 2024
What’s New in Teams Calling, Meetings and Devices May 2024What’s New in Teams Calling, Meetings and Devices May 2024
What’s New in Teams Calling, Meetings and Devices May 2024
 
Advanced Techniques for Cyber Security Analysis and Anomaly Detection
Advanced Techniques for Cyber Security Analysis and Anomaly DetectionAdvanced Techniques for Cyber Security Analysis and Anomaly Detection
Advanced Techniques for Cyber Security Analysis and Anomaly Detection
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
 
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxRPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
 
論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...
論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...
論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...
 
Research Directions for Cross Reality Interfaces
Research Directions for Cross Reality InterfacesResearch Directions for Cross Reality Interfaces
Research Directions for Cross Reality Interfaces
 
20240702 Présentation Plateforme GenAI.pdf
20240702 Présentation Plateforme GenAI.pdf20240702 Présentation Plateforme GenAI.pdf
20240702 Présentation Plateforme GenAI.pdf
 
WPRiders Company Presentation Slide Deck
WPRiders Company Presentation Slide DeckWPRiders Company Presentation Slide Deck
WPRiders Company Presentation Slide Deck
 
Best Programming Language for Civil Engineers
Best Programming Language for Civil EngineersBest Programming Language for Civil Engineers
Best Programming Language for Civil Engineers
 
Transcript: Details of description part II: Describing images in practice - T...
Transcript: Details of description part II: Describing images in practice - T...Transcript: Details of description part II: Describing images in practice - T...
Transcript: Details of description part II: Describing images in practice - T...
 
Calgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptxCalgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptx
 

Managing an enterprise cyber security program

  • 1. Network Section, Computer Science Faculty, Bakhter University, Ministry of Higher Education of Afghanistan. Title: Managing an Enterprise Cybersecurity Program. Prepared by: Eng. Abdulkhalid Murady. Lecturer: Islahuddin Jalal. Early Morning. 12/26/2017 1
  • 2. Introduction
    – This chapter describes how enterprises can use iterative assessments and prioritization to select, plan, resource and execute progressive improvements to their cybersecurity posture.
    – Cybersecurity uses all of the management tools described in this chapter:
      1. A framework for managing a cybersecurity program
      2. A quantitative method for assessing the program and identifying strengths and weaknesses
      3. Ongoing operation and cycles of improvement
  • 3. Enterprise cybersecurity program management
    – The cybersecurity management program ties risk management, control management, deficiency tracking, process improvement and measurement processes together into a single overarching programmatic cycle.
    – As the figure above shows, the enterprise cybersecurity program management process is an ongoing cycle of assessing threats and risks, making progressive improvements to mitigate them, and collecting metrics from security operations.
  • 4. Cybersecurity program step 1: Assess assets, threats and risks
    – The enterprise's assets, its IT systems, and the threats and risks against them are assessed, concluding with the potential attackers and their missions: to breach confidentiality, compromise integrity or disrupt availability.
    – A well-defined security scope simplifies the defensive process by ensuring that measures focus on the needs of that scope, rather than trying to protect everything from every possible threat simultaneously.
    – This step's output is an understanding of the enterprise assets to be protected and the threats against those assets.
    – Assets might include all data and information, together with how attackers may target them.
    – The aim is to achieve the desired protection economically.
  • 5. Step 2: Identify security scopes
    – Group the enterprise's assets, threats and risk management into security scopes for protection.
    – Cybersecurity capabilities should be placed into security scopes; many systems may use the same security scope, with the right level of capability and the right person in the right place.
    – Additionally, security scopes are useful for identifying regulated data and systems, and for ensuring regulations are adhered to in a practical and economical fashion.
    – Two challenges occur when using scope boundaries to compartmentalize security:
      – The first is that the enterprise must keep track of which policies, rules and controls apply to which scope, potentially increasing complexity (solution: a limited number of scopes).
      – The second has to do with systems that cross scope boundaries, such as data interconnects and systems administration consoles (solution: ensure interconnections do not become security vulnerabilities). For example, administrative accounts are not used for surfing the internet or reading email, so that an attacker cannot obtain their permissions.
    – Step 3: Assess risk mitigations, capabilities by functional area, and security operations
      – With an understanding of the assets, threats and risks within the security scope, the next step is to assess the security scope itself. The assessment is done across 11 functional areas.
      – Risk mitigation: the enterprise should use the attack sequence to evaluate its ability to disrupt, detect, delay and defeat attacks against its assets, assessing each attack scenario and gathering the results together. Security operations: the enterprise evaluates 17 security operational processes and assesses its ability to perform these processes in operating its cybersecurity systems.
      – The enterprise scores these areas; the scores are then aggregated and compared for evaluation and further analysis of the security scope.
      – A security scope is either adequately or inadequately protected (inadequately means that specific activities can be implemented to reach a stated improvement goal or target assessment score).
  • 6. Step 4: Identify Target Security Levels
    – With an idea of the assets, threats, risks and effective security in each scope, the next programmatic goal is to use the risk assessment methodology to identify target security levels and to understand whether the scope's current security is adequate, inadequate or even excessive.
    – Various parts of the business require different preventive, detective, forensic and audit controls.
    – Security scopes help prioritize limited cybersecurity resources to deliver the greatest enterprise benefit.
    – Security scopes also simplify the cybersecurity process by reducing the attack surface of vulnerable systems, and that simplicity increases cybersecurity's ability to succeed.
    – This step involves identifying threats, risks and a target security level.
    – The identified security level represents the business's tolerance for potential compromise within the scope.
    – The security level is used to balance the different threats against the business's desire for flexibility and for unobtrusive security that does not impede business agility. In other words, different parts of the business require different levels of security protection.
    – The security infrastructure itself requires the greatest security protection, in order to protect the enterprise.
  • 7. Step 5: Identify Deficient Areas
    – Once the security scope, the actual security in the scope and the target security levels are identified, the next step is to identify which areas are deficient and require improvement compared to the targets. Identifying deficiencies produces the results below:
      1. Target security levels may be too high or too low. In this situation, when the enterprise considers what additional security capabilities might be necessary and finds that a different security posture is required, the target security level can be adjusted either up or down and the evaluation reconsidered.
      2. During the assessment, some functional areas are likely to stand out as being considerably weaker than others. Weak areas are prioritized for improvement, since a weaker area gives an attacker gaps to exploit.
      3. Once the deficient functional areas are addressed, the next improvement phase brings all areas up to the target level of security. This phase often involves a comprehensive effort to improve risk mitigations, security capabilities and security operations.
  • 8. Step 6: Prioritize Remediation and Improvements
    – Once the enterprise's security posture and the requirements for each scope are defined, the next step is to prioritize remediation and improvement efforts. Prioritization is based on the following factors:
      1. Bringing deficient functional areas up to target levels of security
      2. Improvements that rely on other improvements as prerequisites
      3. Availability and skill levels of available staff and contractors
      4. Costs of improvements
    – The goal is to address deficient enterprise cybersecurity functional areas first, then work on bringing all functional areas up to the target cybersecurity level in a balanced manner. Improvements should be grouped into the following categories:
      – Immediate (highest priority)
      – This Year (once the needs have been identified)
      – Next Year (once prerequisites are met and the organization's review and approval for obtaining budget are complete)
      – Future (lowest priority; once staffing, budget and project requirements are complete)
    – Within the above categories, cybersecurity improvements are divided into sub-groups according to their priority. When there are many priorities, this grouping aligns them with the organization's financial cycle so that work can be resourced, scheduled and executed.
    – Step 7: Resource and Execute Improvements. Once improvements are prioritized, the enterprise can begin resourcing and executing them. Resourcing is conducted in parallel for each category grouping of improvements:
      – Immediate: cybersecurity leadership starts the work and oversees it.
      – This Year: leadership organizes resources and prioritizes the work, prepares the prerequisites, and the improvement begins within the same year.
      – Next and Future: leadership plans the start of the work and reviews the budget for the following year's work, and …
    – Step 8: Collect Operational Metrics. As the enterprise executes its improvements and operates its security program, the next step is to collect metrics from cybersecurity operations. The metrics cover all functional areas and measure signs of security incidents or indicators of attacker activity that show the presence of anticipated threats. They show where threats are coming from and what the result could be if the threats are not stopped before they succeed. For example, tracking and trending threats could show that a million scans this month are an increase from only ten thousand the previous month. Security takes on a whole new urgency if enterprise leadership has a mental picture of attackers who are just waiting to pounce at the slightest mistake or vulnerability.
  • 9. Step 9: Return to Step 1
    – After collecting metrics, the cybersecurity program management process returns to the assessment phase and the cycle repeats. This assess ➤ prioritize ➤ execute ➤ operate cycle should go through a complete iteration multiple times each year.
    – During each cycle, the enterprise updates its threat assessment, takes stock of completed security improvements, identifies new security improvements to implement, and lines up future security improvements for execution when resources become available.
    – The cycle iterates across the different categories (immediate, this year, next year) until the improvements are executed.
    – The framework also provides the ability to report on both immediate activities and the big-picture strategy at any time.
    – The strategy helps to balance cybersecurity effectively with business needs in a cost-effective manner.
  • 10. Assessing security threats
    – Once the enterprise has assessed its assets, threats and risks (step 1) and defined security scopes to contain those risks (step 2), the security posture and status in each scope can be assessed; the next level up may be the overall security posture.
    – In each scope, consider whether the protection is for confidentiality, integrity or availability.
    – The enterprise needs to consider the appropriate balance of preventive, detective, forensic and audit controls to deliver that protection.
  • 11. Level of assessment of the security status, per security scope. Cybersecurity program step 3: Assess risk mitigations, capabilities and security operations
    – 3A: Assessing cybersecurity risk mitigations. What is the effectiveness of the risk mitigations within the security scope? What is the ability of the risk mitigations to disrupt the attack sequence of the anticipated attack?
    – 3B: Assessing cybersecurity capabilities by functional area, using the Object Measurement methodology to calculate enterprise cybersecurity program assessment scores for each functional area.
    – 3C: Assessing security operations, considering the utilization and effectiveness of the 17 security operational processes and the 14 supporting information systems (Object Measurement).
    – Step 4: Identify Target Security Levels. Identify the target cybersecurity level for the scope, based on the risk assessment process. The target cybersecurity level for the scope can be represented as a single value that applies to the risk mitigations, the functional areas and security operations. The figure below shows the 11 functional areas.
  • 12. The enterprise can depict the side-by-side results of its enterprise cybersecurity program assessment of the risk mitigations, the 11 functional areas and security operations, along with the target cybersecurity level for the security scope.
  • 13. Step 5: Identify Deficient Areas
    – Once the scoring is complete and the results plotted or otherwise displayed, the areas of the cybersecurity program that are most deficient should be apparent:
      1. Risk Mitigations (40%)
      2. Functional Area: Systems Administration (40%)
      3. Functional Area: Identity, Authentication, and Access Management (40%)
      4. Functional Area: Incident Response (40%)
      5. Functional Area: Asset Management (40%)
      6. Security Operations (40%)
    – These improvements should address the greatest known weaknesses in the overall cybersecurity across the enterprise. Remember, a tenet of the enterprise cybersecurity architecture in this section is that risk mitigations, functional areas and security operations are all of approximately equal importance in delivering overall enterprise cybersecurity.
  • 14. Step 6: Prioritize Remediation and Improvements
    – Prioritize the remediation and improvement efforts.
    – These improvements should bring the following cybersecurity areas up to a consistent score of approximately 60%: (1) risk mitigations, (2) systems administration, (3) identity, authentication, and access management, (4) incident response, (5) asset management and supply chain, and (6) security operations.
    – Phase 1:
      – Functional Area: Data Protection and Cryptography
      – Functional Area: High Availability, Disaster Recovery, and Physical Protection
      – Functional Area: Policy, Audit, E-Discovery, and Training
    – These phase 2 improvements might be accomplished by the following:
      – Improving risk mitigations by addressing projected attack sequences
      – Improving functional areas by adding security capabilities or improving their utilization
      – Improving security operations by implementing operational processes
  • 15. Considering Types of Improvements
    – Risk mitigations: disrupting, detecting, delaying and defeating known threats and their attack sequences.
    – Security capabilities: the overall security capabilities address unknown threats, unanticipated attacks, defender mistakes, and attackers who use new technologies or innovative approaches.
    – Security operations: effective security operations are required to make the mitigations and capabilities work in repelling attacks on an ongoing basis.
    – Considering Threat Scenarios:
      – What asset would be endangered (for example, credit card numbers that could be stolen)
      – Where the asset resides, and when
      – Who has access to the asset
      – When and how an attacker might access the asset (for example, at the operating system, database, application or user account level)
      – Attack sequences for attackers to obtain access
      – Audit controls to find the attacker's access point, if the scenario occurred
      – Forensic controls to log the access, if the access occurred
      – Detective controls to alert the enterprise when such access occurred
      – Preventive controls to block such access from occurring
    – When the above are collected by a third party, they should be evaluated to find threat vectors. This type of red-team exercise is useful for identifying faulty enterprise cyber defender assumptions and gaps in cyber defense thinking that might undermine the overall security posture.
  • 16. Prioritizing Improvement Projects
    – Tasks have to be prioritized based on value and cost, sequenced based on dependencies, and ultimately resourced from limited available resources.
    – Internal and external constraints.
    – Projects are grouped into the following:
      – They directly thwart anticipated attacks or address known risks, improving risk mitigations
      – They deliver capabilities that improve cybersecurity functional areas
      – They strengthen cybersecurity operational processes
    – Leadership should consider the following questions related to what it will take to successfully complete the project:
  • 17. Updating Priority Lists. Tracking Cybersecurity Project Results: as a quantitative method, these program assessment scores are well suited for tracking results over time and for aggregating the results for functional areas and scopes into combined scores that can then also be tracked and reported over time.
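The scoring, deficiency identification, phased prioritization and cycle-over-cycle tracking described in steps 3 to 6 and on slide 17, as an added worked example (my code, not the slides' or the framework's own). It assumes scores are fractions in [0, 1] with one target level per scope, that an area's score is the mean of its capability scores (a simplification of Object Measurement), and the scope name and cycle data are constructed; four functional-area names not on the slides come from the same framework.

```python
"""Gap analysis of one security scope across assessment cycles (steps 3-6 and
project tracking). Added example, not code from the original slides. Assumes
scores are fractions in [0, 1] (40% -> 0.40), one target level for the whole
scope, and area score = mean of capability scores (a simplification of Object
Measurement, not the method itself)."""
from dataclasses import dataclass
from statistics import mean

# The 11 functional areas of the framework the slides follow (7 are named on the slides).
FUNCTIONAL_AREAS = (
    "Systems Administration",
    "Network Security",
    "Application Security",
    "Endpoint, Server, and Device Security",
    "Identity, Authentication, and Access Management",
    "Data Protection and Cryptography",
    "Monitoring, Vulnerability, and Patch Management",
    "High Availability, Disaster Recovery, and Physical Protection",
    "Incident Response",
    "Asset Management and Supply Chain",
    "Policy, Audit, E-Discovery, and Training",
)


def functional_area_score(capability_scores):
    """Assumed scoring rule: mean of an area's capability utilisation scores."""
    if not capability_scores:
        raise ValueError("an area needs at least one scored capability")
    if any(not 0.0 <= c <= 1.0 for c in capability_scores):
        raise ValueError("capability scores must lie in [0, 1]")
    return mean(capability_scores)


@dataclass(frozen=True)
class Assessment:
    """One assessment cycle of one security scope."""
    scope: str
    cycle: str              # constructed label such as "cycle 1"
    target: float           # single target level for the whole scope
    risk_mitigations: float
    functional_areas: dict  # area name -> score; all 11 areas required
    security_operations: float

    def __post_init__(self):
        missing = set(FUNCTIONAL_AREAS) - set(self.functional_areas)
        if missing:
            raise ValueError(f"unscored functional areas: {sorted(missing)}")

    def scores(self):
        """Every assessed area, labelled the way the slides list them."""
        s = {"Risk Mitigations": self.risk_mitigations}
        for area in FUNCTIONAL_AREAS:
            s[f"Functional Area: {area}"] = self.functional_areas[area]
        s["Security Operations"] = self.security_operations
        return s

    def combined_score(self):
        """Scope score: risk mitigations, the functional-area average and security
        operations weigh equally (the equal-importance tenet on slide 13)."""
        area_avg = mean(self.functional_areas[a] for a in FUNCTIONAL_AREAS)
        return mean([self.risk_mitigations, area_avg, self.security_operations])


def deficient_areas(a):
    """Step 5: (area, gap) for every area below target, largest gap first."""
    gaps = [(n, a.target - s) for n, s in a.scores().items() if s < a.target]
    return sorted(gaps, key=lambda g: (-g[1], g[0]))


def plan_phases(a):
    """Step 6: phase 1 raises deficient areas to target; phase 2 then raises the
    rest in a balanced manner, weakest first."""
    scores, phase_1 = a.scores(), [n for n, _ in deficient_areas(a)]
    rest = [n for n in scores if n not in phase_1]
    return {"phase_1": phase_1, "phase_2": sorted(rest, key=lambda n: (scores[n], n))}


def regressions(previous, current):
    """Project tracking: areas whose score fell since the previous cycle."""
    p, c = previous.scores(), current.scores()
    return sorted(n for n in c if c[n] < p[n])


def _areas(overrides):
    """Constructed sample data: every area at 0.65 unless overridden."""
    return {a: overrides.get(a, 0.65) for a in FUNCTIONAL_AREAS}


# Constructed cycle 1 mirrors slide 13: six areas at 40% against a 60% target.
CYCLE_1 = Assessment("Corporate IT (constructed)", "cycle 1", 0.60, 0.40, _areas({
    "Systems Administration": 0.40, "Incident Response": 0.40,
    "Identity, Authentication, and Access Management": 0.40,
    "Asset Management and Supply Chain": 0.40}), 0.40)

# Constructed cycle 2: phase 1 done, but Network Security slipped below target.
CYCLE_2 = Assessment("Corporate IT (constructed)", "cycle 2", 0.60, 0.60, _areas({
    "Systems Administration": 0.60, "Incident Response": 0.60,
    "Identity, Authentication, and Access Management": 0.60,
    "Asset Management and Supply Chain": 0.60, "Network Security": 0.55}), 0.60)
```

`deficient_areas(CYCLE_1)` returns the six 40% areas from slide 13, and `regressions(CYCLE_1, CYCLE_2)` flags the one area that fell between cycles even though the combined scope score rose.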
  • 18. Engineer Abdulkhalid Murady. Email: Abdulkhalid Murady. Phone: +93780606753

Editor's Notes

  1. Deficient = shortfall, lacking
  2. Compartmentalize = to ward off; adhered = remained loyal; adequately = sufficiently
  3. Unobtrusive = surprising; impede = obstacle
  4. Posture = establishment and state; Deficient = having a shortfall
  5. Deficient = shortfall, ineffective
  6. Insertion = placing
  7. Posture = condition, state
  8. Attacks can be countered by using the Object Measurement methodology, which brings effectiveness to risk mitigation.
  9. Tenet = principle