Copyright © 2012, Elsevier Inc.
All Rights Reserved
Chapter 5 – Commonality
Cyber Attacks: Protecting National Infrastructure, 1st ed.
Introduction
• Certain security attributes must be present in all aspects and areas of national infrastructure to ensure maximum resilience against attack
• Best practices, standards, and audits establish a low-water mark for all relevant organizations
• Audits must be both meaningful and measurable
– Often the most measurable things aren’t all that meaningful
Introduction
• Common security-related best practice standards
– Federal Information Security Management Act (FISMA)
– Health Insurance Portability and Accountability Act (HIPAA)
– Payment Card Industry Data Security Standard (PCI DSS)
– ISO/IEC 27000 Standard (ISO27K)
Fig. 5.1 – Illustrative security audits for two organizations
Fig. 5.2 – Relationship between meaningful and measurable requirements
Meaningful Best Practices for Infrastructure Protection
• The primary motivation for proper infrastructure protection should be success-based and economic
– Not the audit score
• Security of critical components relies on
– Step #1: Standard audit
– Step #2: World-class focus
• Sometimes security audit standards and best practices proven through experience are in conflict
Fig. 5.3 – Methodology to achieve world-class infrastructure protection practices
Locally Relevant and Appropriate Security Policy
• Four basic security policy considerations are recommended
– Enforceable: Policies without enforcement are not valuable
– Small: Keep it simple and current
– Online: Policy information needs to be online and searchable
– Inclusive: Good policy requires analysis in order to include computing and networking elements in the local national infrastructure environment
Fig. 5.4 – Decision process for security policy analysis
Culture of Security Protection
• Create an organizational culture of security protection
• A culture of security is one where standard operating procedures provide a secure environment
• The ideal environment marries creativity and interest in new technologies with caution and a healthy aversion to risk
Fig. 5.5 – Spectrum of organizational culture of security options
Infrastructure Simplification
• Organizations should be explicitly committed to infrastructure simplification
• Common problems found in the design and operation of national infrastructure
– Lack of generalization
– Clouding the obvious
– Stream-of-consciousness design
– Nonuniformity
Fig. 5.6 – Sample cluttered engineering chart
Fig. 5.7 – Simplified engineering chart
Infrastructure Simplification
• How to simplify a national infrastructure environment
– Reduce its size
– Generalize concepts
– Clean interfaces
– Highlight patterns
– Reduce clutter
Certification and Education
• Key decision-makers need certification and education programs
• One hundred percent end-user awareness is impractical; instead, focus on improving the security competence of decision-makers
– Senior managers
– Designers and developers
– Administrators
– Security team members
• Create low-cost, high-return activities to certify and educate end users
Fig. 5.8 – Return on investment (ROI) trends for security education
Career Path and Reward Structure
• Create and establish career paths and reward structures for security professionals
• These elements should be present in national infrastructure environments
– Attractive salaries
– Career paths
– Senior managers
Responsible Past Security Practice
• Companies and agencies being considered for national infrastructure work should be required to demonstrate past practice in live security incidents
• Companies and agencies must do a better job of managing their inventory of live incidents
Responsible Past Security Practice
• Companies and agencies being considered for national infrastructure work should provide evidence of the following past practices
– Past damage
– Past prevention
– Past response
National Commonality Program
• A national commonality plan involves balancing the following concerns
– Plethora of existing standards
– Low-water mark versus world class
– Existing commissions and boards
  • 7. protection • Culture of security is one where standard operating procedures provide a secure environment • Ideal environment marries creativity and interest in new technologies with caution and a healthy aversion to risk Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 5 – C om m onality Culture of Security Protection 11 Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 5 – C om
  • 8. m onality Fig. 5.5 – Spectrum of organizational culture of security options 12 • Organizations should be explicitly committed to infrastructure simplification • Common problems found in design and operation of national infrastructure – Lack of generalization – Clouding the obvious – Stream-of-consciousness design – Nonuniformity Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 5 – C om m onality Infrastructure Simplification
  • 9. 13 Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 5 – C om m onality Fig. 5.6 – Sample cluttered engineering chart 14 Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 5 – C om m onality Fig. 5.7 – Simplified engineering chart
  • 10. 15 • How to simplify a national infrastructure environment – Reduce its size – Generalize concepts – Clean interfaces – Highlight patterns – Reduce clutter Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 5 – C om m onality Infrastructure Simplification 16 • Key decision-makers need certification and education programs • Hundred percent end-user awareness is impractical; instead focus on improving security competence of decision-makers – Senior Managers
  • 11. – Designers and developers – Administrators – Security team members • Create low-cost, high-return activities to certify and educate end users Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 5 – C om m onality Certification and Education 17 Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 5 – C om m onality
  • 12. Fig. 5.8 – Return on investment (ROI) trends for security education 18 • Create and establish career paths and reward structures for security professionals • These elements should be present in national infrastructure environments – Attractive salaries – Career paths – Senior managers Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 5 – C om m onality Career Path and Reward Structure 19 • Companies and agencies being considered for
  • 13. national infrastructure work should be required to demonstrate past practice in live security incidents • Companies and agencies must do a better job of managing their inventory of live incidents Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 5 – C om m onality Responsible Past Security Practice 20 • Companies and agencies being considered for national infrastructure work should provide evidence of the following past practices – Past damage – Past prevention – Past response Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 5 –
  • 14. C om m onality Responsible Past Security Practice 21 • A national commonality plan involves balancing the following concerns – Plethora of existing standards – Low-water mark versus world class – Existing commissions and boards Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 5 – C om m onality National Commonality Program