Cyber Security Defense in-Depth diagram

Like this? Share it with your network

Share

Cyber Security Defense in-Depth diagram

  • 2,892 views
Uploaded on

Cyber Security Defense in-Depth diagram

Cyber Security Defense in-Depth diagram

More in: Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
2,892
On Slideshare
2,886
From Embeds
6
Number of Embeds
3

Actions

Shares
Downloads
57
Comments
0
Likes
3

Embeds 6

http://www.linkedin.com 3
https://www.linkedin.com 2
https://twitter.com 1

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***
  • 2. *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS *** • Layer 1 – Governance; Information Security ManagementSystem clauses 4 – 10 – the management system is #1 because without it no decisions would be made, no oversight, no vision, no strategy, no tactical planning, and no risk management.Layer #1 helps safeguard against chaos and ineffective security management. • Layer 2 – Security Program;Policy, OrganizationalDesign, Legal Obligations, Asset Management. OnceGovernance is in place it’s time to build the security program,take assessmentof our legal obligationsand identify what the heck we are trying to protect. Layer #2 help focus our security programso that it bring value to the organization. • Layer 3 - Human Resources; following the design it’s time to fill the roles and responsibilities with competent resources. People will help run the program but not before it’s organized and under the direction of a senior manager. • Layer 4 - Incident Management; security incidents happen all the time outside the organization and its control framework, and sometimes they impact employees. Security events occur thousands of times every day but incidents normally occur at a much lower frequency. Once we have a programwe will need to manageinternal and external incidents, interviewing people, gathering evidence, recording the events leading up to the incident. Layer 4 is all about being prepared now that you have a program and resources to facilitate investigations. • Layer 5 - Access Control; layer #5 is where we begin to see more formal integration of policies, procedures and standards. Access control is where information and its value are weighed against a person’s need-to-know. Layer #5 is where we begin to architect the security infrastructure. • Layer 6 - Physical & Environmental; layer #6 is where we apply access control and security architectureto facilities and environmental systems. • Layer 7 - Information Systems Acquisition, Development & Maintenance; layer #7 is where the Cyber Security Architecture integrates with procurement and contract management. Layer #7 also looks at outsourcingand the integration of quality managementwithin the software development life cycle. • Layer 8 - Communicationsand Operations Management; in layer #8 Cyber Security Architecture is applied to telecommunications within the internet and externally with service providers and vendors. Understandingthe computing environment and risks associated with new technology like Cloud Computing. • Layer 9 - Business Continuity Management;layer #9 is our last resort when services or access to information has been compromised we fall-back to business continuity plans. Layer #9 is where we consider hitting the reset button for the organization, a division, a branch, or office.