Uploaded bymysonfather
22 views

Business Process and securityPPT.pptx

This document provides a summary of the key areas and controls for cybersecurity based on NIST standards. It identifies assets and maps data flows and organizational responsibilities. It also covers establishing policies, performing risk assessments, managing access controls, implementing security awareness training, monitoring networks for anomalies, responding to and mitigating incidents, and planning for recovery after an incident. The overall aim is to protect systems and assets, detect security events, effectively respond when incidents occur, and implement lessons learned to improve security over time.

Embed presentation

BUSINESS PROCESS AND SECURITY Final Report Submitted by: Jainam Shah (100799068) Darshit Patel (100806859) Shaileshkumar Sutariya (100845925) Manasarani Pothineni (100839887) Harsha Patel (100802701) Johar Partap Singh (100845634)
IDENTIFY Asset Management • ID.AM-1: Physical devices and systems within the organization are inventoried • ID.AM-2: Software platforms and applications within the organization are inventoried • ID.AM-3: Organizational communication and data flows are mapped • ID.AM-4: External information systems are catalogued(Not needed) • ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value • ID.AM-6: Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established
IDENTIFY Business Environment • ID.BE-1: The organization’s role in the supply chain is identified and communicated • ID.BE-2: The organization’s place in critical infrastructure and its industry sector is identified and communicated(Not Needed) • ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated • ID.BE-4: Dependencies and critical functions for delivery of critical services are established • ID.BE-5: Resilience requirements to support delivery of critical services are established for all operating states (e.g. under duress/attack, during recovery, normal operations)
IDENTIFY Governance • ID.GV-1: Organizational cybersecurity policy is established and communicated • ID.GV-2: Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners • ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed • ID.GV-4: Governance and risk management processes address cybersecurity risks • From the department level to BODs(Bod of director level)cybersecurity
IDENTIFY Risk Assessment • ID.RA-1: Asset vulnerabilities are identified and documented • ID.RA-2: Cyber threat intelligence is received from information sharing forums and sources • ID.RA-3: Threats, both internal and external, are identified and documented • ID.RA-4: Potential business impacts and likelihoods are identified • ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk(Not needed) • ID.RA-6: Risk responses are identified and prioritized
IDENTIFY Risk Management Strategy • ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders • ID.RM-2: Organizational risk tolerance is determined and clearly expressed(No needed) • ID.RM-3: The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis
IDENTIFY Supply Chain Risk Management • ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders • ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process(not needed) • ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization’s cybersecurity program and Cyber Supply Chain Risk Management Plan. • ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations. • ID.SC-5: Response and recovery planning and testing are conducted with suppliers and third-party providers
PROTECT • Identity Management and Access Control (PR.AC) • PR.AC-1: Identities and credentials are managed for authorized devices and users. • PR.AC-2: Physical access to assets is Managed and protected • PR.AC-3: Remote access is managed • PR.AC-4: Access permissions are managed, incorporating the principles of least privilege and separation of duties. • PR.AC-5: Network integrity is protected, incorporating network segregation where appropriate.
PROTECT • Awareness and Training (PR.AT) • PR.AT-1: All users are informed and Trained. • PR.AT-2: Privileged users understand roles & responsibilities • PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand roles & responsibilities • PR.AT-4: Senior executives understand roles & responsibilities • PR.AT-5: Physical and information security personnel understand roles & responsibilities.
PROTECT • Data Security (PR.DS) • PR.DS-1: Data-at-rest is protected • PR.DS-2: Data-in-transit is protected • PR.DS-3: Assets are formally managed • PR.DS-4: Adequate capacity to ensure availability is maintained • PR.DS-5: Protections against data leaks are implemented • PR.DS-6: Integrity checking mechanisms • PR.DS-7: The development and testing environment(s) are separate from the production environment
PROTECT • Information Protection Processes and Procedures (PR.IS) • PR.IS-1: A baseline configuration of information technology/industrial control systems are created and maintained • PR.IS-2: A System Development Life Cycle to manage systems is implemented. • PR.IS-3: Configuration change control processes are in place • PR.IS-4: Backups of information are conducted, maintained, and tested periodically. • PR.IS-5: Policy and regulations regarding the physical operating environment for organizational assets are met • PR.IS-6: Data is destroyed
PROTECT • Information Protection Processes and Procedures (PR.IS) • PR.IS-7: Protection processes are continuously improved • PR.IS-8: Effectiveness of protection technologies is shared with appropriate parties • PR.IS-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed and tested. • PR.IS-10: Response and recovery plans are tested • PR.IS-11: Cybersecurity is included in human resources practices • PR.IS-12: vulnerability management plan is developed and implemented.
PROTECT • Maintenance (PR.MA) • PR.MA-1: Maintenance and repair of organizational assets is performed and logged in a timely manner • PR.MA-2: Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access.
PROTECT • Protective Technology (PR.PT) • PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy • PR.PT-2: Removable media is protected and its use restricted according to policy. • PR.PT-3: Access to systems and assets is controlled
DETECT • Anomalies and events (DE.AE) • DE.AE-1: baseline of network operations and expected data flows for users and systems • DE.AE-2: The events that have been detected are evaluated • DE.AE-3: Data is gathered and correlated from a variety of sources and sensors • DE.AE-4: The impact of events is calculated. • DE.AE-5: Incident alert thresholds are established.
DETECT • Security continuous monitoring (DE.CM) • DE.CM-1: The network is being watched • DE.CM-2: The physical environment is monitored • DE.CM-3: To detect potential cybersecurity events, personal activity is tracked • DE.CM-4: Malicious code has been discovered • DE.CM-5: Unauthorized mobile code is detected • DE.CM-6: External service provider activity is monitored • DE.CM-7: Unauthorized individuals, connections, devices, and software are all monitored • DE.CM-8: Vulnerability scans are performed
DETECT • Detection Processes (DE.DP) • DE.DP-1: Roles and responsibilities for detection are well defined to ensure accountability • DE.DP-2: Detection activities comply with all applicable requirements • DE.DP-3: Detection processes are tested. • DE.DP-4: Event detection information is communicated • DE.DP-5: Detection processes are continuously improved
RESPOND • Response Planning (RS.RP) • RS.RP-1: Response plan is executed during or after an event. • Communications (RS.CO) • RS.CO-1: Personnel know their roles and order of operations when a response is needed • RS.CO-2: Events are reported consistent with established criteria • RS.CO-3: Information is shared consistent with response plans • RS.CO-4: Coordination with stakeholders occurs consistent with response plans • RS.CO-5: Voluntary information sharing occurs with external stakeholders
RESPOND • Analysis (RS.AN) • RS.AN-1: Notifications from detection systems are investigated • RS.AN-2: The impact of the incident is understood • RS.AN-3: Forensics are performed • RS.AN-4: Incidents are categorized consistent with response plans • Mitigation (RS.MI) • RS.MI-1: Incidents are contained • RS.MI-2: Incidents are mitigated • RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks
RESPOND • Improvements (RS.IM) • RS.IM-1: Response plans incorporate lessons learned • RS.IM-2: Response strategies are updated
RECOVER • Recovery Planning (RC.RP) • RC.RP-1: Recovery plan • RC.RP-2: Recovery processes and procedures • RC.RP-3: Contact external entities • RC.RP-4: Recovery communications • RC.RP-5: Recovery insight sharing • RC.RP-6: Recovery contingency measures • RC.RP-7: Decision making
IMPROVEMENTS (RC.IM) • RC.IM-1: Incorporation of lessons learned by recovery plan. • RC.IM-2: Updation of Recovery strategies COMMUNICATIONS (RC.CO) • RC.CO-1: Managing of Public Relations for the benefit of organization • RC.CO-2: Repairing of reputation of an organization after the occurrence of an incident. • RC.CO-3: Communications of activities employed for recovert from cybersecurity incident towards external and internal
THANK YOU!!

More Related Content

PDF
Cervone uof t - nist framework (1)
byStephen Abram
 
PDF
1. Security and Risk Management
bySam Bowne
 
PDF
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
byTuan Phan
 
PDF
Ch08 8 Information Security Process it-slideshares.blogspot.com
byphanleson
 
PPTX
Security Foundation and Incident Mgmt and BCMS.pptx
byMohsenMojabi1
 
PPTX
Components of Cybersecurity Framework
byOmerZia11
 
PDF
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
byJames W. De Rienzo
 
PDF
NIST critical_infrastructure_cybersecurity.pdf
byssuserb3094b
 
Cervone uof t - nist framework (1)
byStephen Abram
 
1. Security and Risk Management
bySam Bowne
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
byTuan Phan
 
Ch08 8 Information Security Process it-slideshares.blogspot.com
byphanleson
 
Security Foundation and Incident Mgmt and BCMS.pptx
byMohsenMojabi1
 
Components of Cybersecurity Framework
byOmerZia11
 
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
byJames W. De Rienzo
 
NIST critical_infrastructure_cybersecurity.pdf
byssuserb3094b
 

Similar to Business Process and securityPPT.pptx

PDF
CHAPTER 5 -Information assurance management.pdf
byKnkikn21
 
PPTX
Security Baselines and Risk Assessments
byPriyank Hada
 
PDF
Lessons Learned from the NIST CSF
byDigital Bond
 
PPTX
Cybersecurity Assessment Framework - Slideshare.pptx
byAzra'ee Mamat
 
PDF
Nist cybersecurity framework isc2 quantico
byTuan Phan
 
PPTX
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
byTechSoup Canada
 
PDF
Beyond NIST, CMMC certification_webinar.pdf
bybabuml691
 
PDF
Introduction to NIST Cybersecurity Framework
byTuan Phan
 
PDF
CISSP Prep: Ch 1: Security Governance Through Principles and Policies
bySam Bowne
 
PPTX
crisc_wk_2a.pptx
bydotco
 
PDF
CNIT 125: Ch 2. Security and Risk Management (Part 1)
bySam Bowne
 
PDF
CCA study group
byIIBA UK Chapter
 
PPTX
Cloud Security.pptx
byBinod Rimal
 
PPTX
Cybersecurity-Course.9643104.powerpoint.pptx
byAfsanaMumal2
 
PPTX
Cybersecurity Frameworks and You: The Perfect Match
byMcKonly & Asbury, LLP
 
PPTX
Types of Security in Industrial Security
byRJCubillo
 
PDF
Cybersecurity concepts & Defense best practises
byWAJAHAT IQBAL
 
PPTX
CISSP- Security & Risk Management-Domain 1 Overview-Edited.pptx
bymacraaiclass
 
PPTX
Database development and security certification and accreditation plan pitwg
byJohn M. Kennedy
 
PPTX
Cissp- Security and Risk Management
byHamed Moghaddam
 
CHAPTER 5 -Information assurance management.pdf
byKnkikn21
 
Security Baselines and Risk Assessments
byPriyank Hada
 
Lessons Learned from the NIST CSF
byDigital Bond
 
Cybersecurity Assessment Framework - Slideshare.pptx
byAzra'ee Mamat
 
Nist cybersecurity framework isc2 quantico
byTuan Phan
 
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
byTechSoup Canada
 
Beyond NIST, CMMC certification_webinar.pdf
bybabuml691
 
Introduction to NIST Cybersecurity Framework
byTuan Phan
 
CISSP Prep: Ch 1: Security Governance Through Principles and Policies
bySam Bowne
 
crisc_wk_2a.pptx
bydotco
 
CNIT 125: Ch 2. Security and Risk Management (Part 1)
bySam Bowne
 
CCA study group
byIIBA UK Chapter
 
Cloud Security.pptx
byBinod Rimal
 
Cybersecurity-Course.9643104.powerpoint.pptx
byAfsanaMumal2
 
Cybersecurity Frameworks and You: The Perfect Match
byMcKonly & Asbury, LLP
 
Types of Security in Industrial Security
byRJCubillo
 
Cybersecurity concepts & Defense best practises
byWAJAHAT IQBAL
 
CISSP- Security & Risk Management-Domain 1 Overview-Edited.pptx
bymacraaiclass
 
Database development and security certification and accreditation plan pitwg
byJohn M. Kennedy
 
Cissp- Security and Risk Management
byHamed Moghaddam
 

Recently uploaded

PPTX
ICH Harmonization A Global Pathway to Unified Drug Regulation.pptx
byDr. Smita Kumbhar
 
PDF
Projecte de la porta de primer B: L'antic Egipte
byeduardrubio1
 
PPTX
AI_in_Daily_Life_Presentation and more.pptx
bybantydansena
 
PDF
Projecte de la porta de la classe de primer A: Mar i cel.
byeduardrubio1
 
PPTX
Kochi MuleSoftMeetup_UnlockingMCPServer.pptx
bysandeepmenon62
 
PPTX
York "Collaboration for Research Support at U-M Library"
byNational Information Standards Organization (NISO)
 
PPTX
PURPOSIVE SAMPLING IN EDUCATIONAL RESEARCH RACHITHRA RK.pptx
byssuser047b711
 
PDF
Unit-III pdf (Basic listening Skill, Effective Writing Communication & Writin...
bySayyadTarannum
 
PDF
Projecte de la porta d'i5B: Els animals marins
byeduardrubio1
 
PPTX
Pain. definition, causes, factor influencing pain & pain assessment.pptx
byPompi Begum
 
PDF
1ST APPLICATION FOR ANNULMENT (4)8787666.pdf
bykonstantinantountoum1
 
PDF
M.Sc. Nonchordates Complete Syllabus PPT | All Important Topics Covered
byKNIPSS SULTANPUR
 
PPTX
Basics in Phytochemistry, Extraction, Isolation methods, Characterisation etc.
byD. Y. Patil College of Pharmacy, Kolhapur.
 
PDF
The Tale of Melon City poem ppt by Sahasra
bybitrasahasra
 
PPTX
The Cell & Cell Cycle-detailed structure and function of organelles.pptx
byAshish Umale
 
PPTX
Semester 6 unit 2 Atopic dermatitis.pptx
bysachin7989
 
PDF
Blood Group Incompatibility: Rh Factor and Erythroblastosis Fetalis
bySudhandraKarthi
 
PDF
Models of Teaching - TNTEU - B.Ed I Semester - Teaching and Learning - BD1TL ...
byDr Raja Mohammed T
 
PPTX
How to Manage Reception Report in Odoo 18 Inventory
byCeline George
 
PPTX
Semester 6 UNIT 2 Dislocation of hip.pptx
bysachin7989
 
ICH Harmonization A Global Pathway to Unified Drug Regulation.pptx
byDr. Smita Kumbhar
 
Projecte de la porta de primer B: L'antic Egipte
byeduardrubio1
 
AI_in_Daily_Life_Presentation and more.pptx
bybantydansena
 
Projecte de la porta de la classe de primer A: Mar i cel.
byeduardrubio1
 
Kochi MuleSoftMeetup_UnlockingMCPServer.pptx
bysandeepmenon62
 
York "Collaboration for Research Support at U-M Library"
byNational Information Standards Organization (NISO)
 
PURPOSIVE SAMPLING IN EDUCATIONAL RESEARCH RACHITHRA RK.pptx
byssuser047b711
 
Unit-III pdf (Basic listening Skill, Effective Writing Communication & Writin...
bySayyadTarannum
 
Projecte de la porta d'i5B: Els animals marins
byeduardrubio1
 
Pain. definition, causes, factor influencing pain & pain assessment.pptx
byPompi Begum
 
1ST APPLICATION FOR ANNULMENT (4)8787666.pdf
bykonstantinantountoum1
 
M.Sc. Nonchordates Complete Syllabus PPT | All Important Topics Covered
byKNIPSS SULTANPUR
 
Basics in Phytochemistry, Extraction, Isolation methods, Characterisation etc.
byD. Y. Patil College of Pharmacy, Kolhapur.
 
The Tale of Melon City poem ppt by Sahasra
bybitrasahasra
 
The Cell & Cell Cycle-detailed structure and function of organelles.pptx
byAshish Umale
 
Semester 6 unit 2 Atopic dermatitis.pptx
bysachin7989
 
Blood Group Incompatibility: Rh Factor and Erythroblastosis Fetalis
bySudhandraKarthi
 
Models of Teaching - TNTEU - B.Ed I Semester - Teaching and Learning - BD1TL ...
byDr Raja Mohammed T
 
How to Manage Reception Report in Odoo 18 Inventory
byCeline George
 
Semester 6 UNIT 2 Dislocation of hip.pptx
bysachin7989
 

Business Process and securityPPT.pptx

  • 1.
    BUSINESS PROCESS AND SECURITY FinalReport Submitted by: Jainam Shah (100799068) Darshit Patel (100806859) Shaileshkumar Sutariya (100845925) Manasarani Pothineni (100839887) Harsha Patel (100802701) Johar Partap Singh (100845634)
  • 2.
    IDENTIFY Asset Management • ID.AM-1:Physical devices and systems within the organization are inventoried • ID.AM-2: Software platforms and applications within the organization are inventoried • ID.AM-3: Organizational communication and data flows are mapped • ID.AM-4: External information systems are catalogued(Not needed) • ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value • ID.AM-6: Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established
  • 3.
    IDENTIFY Business Environment • ID.BE-1:The organization’s role in the supply chain is identified and communicated • ID.BE-2: The organization’s place in critical infrastructure and its industry sector is identified and communicated(Not Needed) • ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated • ID.BE-4: Dependencies and critical functions for delivery of critical services are established • ID.BE-5: Resilience requirements to support delivery of critical services are established for all operating states (e.g. under duress/attack, during recovery, normal operations)
  • 4.
    IDENTIFY Governance • ID.GV-1: Organizationalcybersecurity policy is established and communicated • ID.GV-2: Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners • ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed • ID.GV-4: Governance and risk management processes address cybersecurity risks • From the department level to BODs(Bod of director level)cybersecurity
  • 5.
    IDENTIFY Risk Assessment • ID.RA-1:Asset vulnerabilities are identified and documented • ID.RA-2: Cyber threat intelligence is received from information sharing forums and sources • ID.RA-3: Threats, both internal and external, are identified and documented • ID.RA-4: Potential business impacts and likelihoods are identified • ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk(Not needed) • ID.RA-6: Risk responses are identified and prioritized
  • 6.
    IDENTIFY Risk Management Strategy •ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders • ID.RM-2: Organizational risk tolerance is determined and clearly expressed(No needed) • ID.RM-3: The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis
  • 7.
    IDENTIFY Supply Chain RiskManagement • ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders • ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process(not needed) • ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization’s cybersecurity program and Cyber Supply Chain Risk Management Plan. • ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations. • ID.SC-5: Response and recovery planning and testing are conducted with suppliers and third-party providers
  • 8.
    PROTECT • Identity Managementand Access Control (PR.AC) • PR.AC-1: Identities and credentials are managed for authorized devices and users. • PR.AC-2: Physical access to assets is Managed and protected • PR.AC-3: Remote access is managed • PR.AC-4: Access permissions are managed, incorporating the principles of least privilege and separation of duties. • PR.AC-5: Network integrity is protected, incorporating network segregation where appropriate.
  • 9.
    PROTECT • Awareness andTraining (PR.AT) • PR.AT-1: All users are informed and Trained. • PR.AT-2: Privileged users understand roles & responsibilities • PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand roles & responsibilities • PR.AT-4: Senior executives understand roles & responsibilities • PR.AT-5: Physical and information security personnel understand roles & responsibilities.
  • 10.
    PROTECT • Data Security(PR.DS) • PR.DS-1: Data-at-rest is protected • PR.DS-2: Data-in-transit is protected • PR.DS-3: Assets are formally managed • PR.DS-4: Adequate capacity to ensure availability is maintained • PR.DS-5: Protections against data leaks are implemented • PR.DS-6: Integrity checking mechanisms • PR.DS-7: The development and testing environment(s) are separate from the production environment
  • 11.
    PROTECT • Information ProtectionProcesses and Procedures (PR.IS) • PR.IS-1: A baseline configuration of information technology/industrial control systems are created and maintained • PR.IS-2: A System Development Life Cycle to manage systems is implemented. • PR.IS-3: Configuration change control processes are in place • PR.IS-4: Backups of information are conducted, maintained, and tested periodically. • PR.IS-5: Policy and regulations regarding the physical operating environment for organizational assets are met • PR.IS-6: Data is destroyed
  • 12.
    PROTECT • Information ProtectionProcesses and Procedures (PR.IS) • PR.IS-7: Protection processes are continuously improved • PR.IS-8: Effectiveness of protection technologies is shared with appropriate parties • PR.IS-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed and tested. • PR.IS-10: Response and recovery plans are tested • PR.IS-11: Cybersecurity is included in human resources practices • PR.IS-12: vulnerability management plan is developed and implemented.
  • 13.
    PROTECT • Maintenance (PR.MA) •PR.MA-1: Maintenance and repair of organizational assets is performed and logged in a timely manner • PR.MA-2: Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access.
  • 14.
    PROTECT • Protective Technology(PR.PT) • PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy • PR.PT-2: Removable media is protected and its use restricted according to policy. • PR.PT-3: Access to systems and assets is controlled
  • 15.
    DETECT • Anomalies andevents (DE.AE) • DE.AE-1: baseline of network operations and expected data flows for users and systems • DE.AE-2: The events that have been detected are evaluated • DE.AE-3: Data is gathered and correlated from a variety of sources and sensors • DE.AE-4: The impact of events is calculated. • DE.AE-5: Incident alert thresholds are established.
  • 16.
    DETECT • Security continuousmonitoring (DE.CM) • DE.CM-1: The network is being watched • DE.CM-2: The physical environment is monitored • DE.CM-3: To detect potential cybersecurity events, personal activity is tracked • DE.CM-4: Malicious code has been discovered • DE.CM-5: Unauthorized mobile code is detected • DE.CM-6: External service provider activity is monitored • DE.CM-7: Unauthorized individuals, connections, devices, and software are all monitored • DE.CM-8: Vulnerability scans are performed
  • 17.
    DETECT • Detection Processes(DE.DP) • DE.DP-1: Roles and responsibilities for detection are well defined to ensure accountability • DE.DP-2: Detection activities comply with all applicable requirements • DE.DP-3: Detection processes are tested. • DE.DP-4: Event detection information is communicated • DE.DP-5: Detection processes are continuously improved
  • 18.
    RESPOND • Response Planning(RS.RP) • RS.RP-1: Response plan is executed during or after an event. • Communications (RS.CO) • RS.CO-1: Personnel know their roles and order of operations when a response is needed • RS.CO-2: Events are reported consistent with established criteria • RS.CO-3: Information is shared consistent with response plans • RS.CO-4: Coordination with stakeholders occurs consistent with response plans • RS.CO-5: Voluntary information sharing occurs with external stakeholders
  • 19.
    RESPOND • Analysis (RS.AN) •RS.AN-1: Notifications from detection systems are investigated • RS.AN-2: The impact of the incident is understood • RS.AN-3: Forensics are performed • RS.AN-4: Incidents are categorized consistent with response plans • Mitigation (RS.MI) • RS.MI-1: Incidents are contained • RS.MI-2: Incidents are mitigated • RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks
  • 20.
    RESPOND • Improvements (RS.IM) •RS.IM-1: Response plans incorporate lessons learned • RS.IM-2: Response strategies are updated
  • 21.
    RECOVER • Recovery Planning(RC.RP) • RC.RP-1: Recovery plan • RC.RP-2: Recovery processes and procedures • RC.RP-3: Contact external entities • RC.RP-4: Recovery communications • RC.RP-5: Recovery insight sharing • RC.RP-6: Recovery contingency measures • RC.RP-7: Decision making
  • 22.
    IMPROVEMENTS (RC.IM) • RC.IM-1:Incorporation of lessons learned by recovery plan. • RC.IM-2: Updation of Recovery strategies COMMUNICATIONS (RC.CO) • RC.CO-1: Managing of Public Relations for the benefit of organization • RC.CO-2: Repairing of reputation of an organization after the occurrence of an incident. • RC.CO-3: Communications of activities employed for recovert from cybersecurity incident towards external and internal
  • 23.