Академический Документы
Профессиональный Документы
Культура Документы
CSF v1.1 april 2018 – Cobit 5, ISO 27k1:2013, NIST SP 800 53 rev 4, CIS (center of Internet Security) CSC 2
NIST = national institute of standards an
C.S Life Cycle Sub Actitivties
Asset Management (ID.AM)
Business Environment (ID.BE)
Governance (ID.GV)
IDENTIFY (ID)
Risk Assessment (ID.RA)
Risk Management Strategy (ID.RM)
Supply Chain Risk Management (ID.SC)
Page 1
Sheet1
NIST SP 800 53 rev 4, CIS (center of Internet Security) CSC 2, ISA 62443-3-2013/2009 (security of industrial automation and contro
NIST = national institute of standards and technology
Detail
Physical devices/systems, software, communication and data flows, external info systems, priority based on value/critic, roles
Org mission, objectives, stakeholders, business activities, supply chain, critical functions, priority is defined and communicate
CS policy estsablish/comm, roles/responsibilities aligned, legal/regulatory understood, include CS in governance and risk
asset volun., threat intelligence from forums/sources, document int/ext, bus. Impacts/likelihoods, risk response and priority of
RM est, managed, agree by stakers, determine risk tolerance for org, inform risk in critical infrastructure
critical by stakers, 3rd party, contracts, routinely assessed, regular testing
Issue/manage/revoke, physical, remote, least priv, network seg/sagregation, id logs, auth single/multi factor
users, privilage users, 3rd party understand their resp, sr executives understand resp, physical/CS understand resp
Data rest/transit, assets formally managed and removal, capacity, leaks, integrity checks, test env
basline configurations, SDLC for systems, change control, backups maintained/tested, regulations regarding operating met, d
process improve, tech effecitiveness is shared, response/recovery plan is tested, HR processes, volun. Mgt plan is implement
approved/logged, remote logged/approved and properly protected
audit logs/review,removable media restrict, least privil.,comm protected, failsafe/load balancing, clustering, hot swap
Baseline for network and user data flows, analyze events from multiple sources, determine impact and incident alerts
Monitor physical, network, personal activity, malicious code, un auth. Mobile code, 3 rd party activity, un auth activity, perform v
roles/resp, processes are tested, event detection info is communicated, processes are improved continously
Page 2