2019 | Original paper | Book chapter

4. Frameworks and Best Practices

Authored by: Brianna Keys, Stuart Shapiro

Published in: Cyber Resilience of Systems and Networks

Publisher: Springer International Publishing

Abstract

The second part of the book focuses on approaches to the assessment and analysis of cyber resilience. Having discussed, in the previous two chapters, perspectives on quantifying cyber resilience, we now present several chapters that assemble qualitative and quantitative inputs for a broad range of metrics that might apply to cyber resilience. Some of these approaches (e.g., most of this chapter and the next one) are largely qualitative and based on human review and judgment of pertinent aspects of systems, organizations, and processes. Others are based on quantitative and often theoretically rigorous modeling and simulation of systems, networks, and processes.
The purpose of this chapter is to outline best practices in an array of areas related to cyber resilience. While by no means offering an exhaustive list of best practices, the chapter provides an organization with a means to “see what works” at other organizations. It offers these best practices within existing frameworks related to dimensions of cyber resilience. The chapter begins with a discussion of several existing frameworks and guidelines that can be used to think about cyber resilience. Then, the chapter describes a set of “best practices” based on a selection of metrics from these frameworks. These best practices can serve an organization as a guide to implementing specific policies that would improve its cyber resilience.

Metadata
Title: Frameworks and Best Practices
Authored by: Brianna Keys, Stuart Shapiro
Copyright year: 2019
DOI: https://doi.org/10.1007/978-3-319-77492-3_4