Is “Agile Cybersecurity” Possible?Is “Agile Cybers

文件名称: Is “Agile Cybersecurity” Possible?

所属分类: 系统安全

开发工具:

文件大小: 3mb

下载次数: 0

上传时间: 2019-03-02

提供者: weixin_********

下载 (3mb)

不能下载？报告错误

详细说明：Is “Agile Cybersecurity”Possible? - Strategic and Tactical Solutions to Realizing AgilityCopyright 2018, by Syber Risk LLC All rights reserved. No parts of this book may be reproduced or utilized in any form or by any means electronic or mechanical, including photocopying, recording or by any information storage and retrieval system, without permission in writing from the Publisher/Author. Inquiries should be addressed to Syber risk, LLC, 6528 Seventh Street Nw, Washington, District of Columbia, 20012 or syber.risk.llc(gmail.com DEDICATION This book is dedicated to the cyber-security men and women that protect and defend the information Systems of this great Nation LEGAL STUFF ANY REGISTERED R NAMED SYSTEM HARDWARE OR SOFTWARE COMPONENT IDENTIFIED IS ONLY MEANT FOR EDUCATIONAL PURPOSES AND DOES NOT CONSTRUE ANY PROMOTION OF THE PRODUCT. READERS SHOULD EXERCISE THEIR DUE DILIGENCE AND CONDUCT PROPER MARKET RESEARCH TO IDENTIFY THEIR NEEDED PRODUCTS IN ACCORDANCE WITH THEIR COMPANY OR AGENCY POLICIES AND STANDARDS LIMIT OF LIABILITY DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES. INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT, NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/ORA POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE FURTHER. READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ Is"“ Agile Cybersecurity” Possible: Table of contents Is agile cybersecurity? possible? nist 800-53 is too cumbersome The Risk Management Framework(RMF Failure Risk versus threat A Return to the past: A hybrid solution The Nature of Continuous Monitoring The National Cybersecurity Framework (NCF NCF Agility A Need for Third-Party Assessment The Subjectivity of Compliance National Institute of Standards and Technology(NIsT800-171 Where is 800-171 Going? Consequences of Non-compliance The Likely Course: FAR Clause 52.204-21 Proof of a companys cybersecurity posture The Risk Assessment(RA The ra defined The ra workflow The RA and agility Specialized IT Systems(SPITS) Constrained number of controls SPITS Categorization Conclusion Appendix A--Relevant Terms Appendix B-Continuous MonitoringA More Detailed Discussion Defining Continuous Monitoring Continuous Monitoring-First Generation End-Points Security Tools Security Controls Security Information and Event Management (SIEM Solutions Next Generations Endnotes for "Continuous Monitoring: A More Detailed Discussion Appendix C-Plan of Action Milestones(POAM) Appendix D--Sample Risk Assessment(RA) Analysis Report Appendix E--Ten Success Recommendations Appendix F-Special Information Technology Systems(SPITS) Baseline controls APPENDIX G-NIST 800-171 Compliance Checklist Access Control(AC) Awareness Training(AT) Audit Accountability (AU) Configuration Management (CM Identification Authentication (IA) Incident Response (R Maintenance MA) Media Protection( MP Personnel Security(Ps) Physical Security (PP) Risk Assessments(RA) Security Assessments( A) System Communications Protection SC) System Information Integrity(SD About the author Other Supplements by the author Is"Agile Cybersecurity"Possible?

(系统自动生成,下载前可以参看下载内容)