Index
A
Advanced persistent threat (APT)
Application security (AS)
capabilities
definition
goal and objectives
threat vectors
Asset management and supply chain (AMSC)
Audit
artifacts
assessment
controls, technologies, and manual processes
functional areas
risk mitigations
security capabilities
Audit First Methodology
audit controls
design controls
detective controls
forensic controls
preventive controls
threat analysis
deficiency
definition
remediation
tracking process
evidence collection
planning process
proving negatives
records generation
reporting and records retention
results
threat audit
threat-based objectives
validation
Audit report mapping
B
Binary value scales
Bring-your-own-devices (BYODs)
C
Chief Information Officer (CIO)
Chief Information Security Officer (CISO)
Confidentiality, integrity, or availability (CIA)
Critical path
Cyberattack
APT
availability
crisis
See Cyberattack crisis
confidentiality breaches
integrity breaches
malware waves
Sony Pictures Entertainment
Cyberattack crisis
action review
Calling for help
contingency planning
“falling off the cliff”
IT systems
air-gapped systems
bridge building
cybersecurity vs. IT restoration
improvements
interim IT capabilities
maximum allowable risk
operating capabilities
rebuilding and restoring process
recovery efforts
“keep calm and carry on”
communications overload
decision-making, difficulties
OODA loop
operational tempo
operations
playing baseball
staff and contractors
new normal culture
recovery process
caring people
cyber hand-to-hand combat
parallel rebuilding efforts
resource-driven project plan
resources constraints
resources identification
“throwing money at problems”
remediation
resolving
senior enterprise leadership
snowballing incident
Cybercastles
CyberIncident Response Team (CIRT)
Cyberintrusion
attack graphs
attack trees
compliance standards
connectivity explosion
cyberattacks/cyberdefence
detective controls
enterprise cybersecurity attack sequence
enterprise IT consolidation
Lockheed Martin Kill chain
Mandiant attack life cycle
preventive controls
Cybersecurity
architecture
audit controls
challenges
detective controls
judgment calls
scalability
security control frameworks
security operations
cloud
application security
asset management and supply chain
authentication
characteristics
contracts and agreements
cryptography
data protection
deployment models
DevOps
DevSecOps
endpoint/server/device security
high availability/disaster recovery/physical protection
identity/authentication/access management
incident response
key management
logging/monitoring/investigations
monitoring/vulnerability/patch management
network security
policy/audit/e-discovery/training
reliability and disaster recovery
scale and reliability
scopes and account management
service models
systems administration
compliance requirements
cyberattackers
commodity threats
cyberwar
espionage
hacktivists
organized crime
cyberattacks
APT
availability
confidentiality breaches
integrity breaches
malware waves
Sony Pictures Entertainment
cyberintrusion
See Cyberintrusion
detective controls
ECSA
See Enterprise cybersecurity architecture (ECSA)
enterprise cybersecurity program
See Enterprise cybersecurity program management
enterprise IT
attack graphs
components
emplacing cyberdefenses
forensic controls
frameworks
implementation
capabilities
IT organization
IT system life cycle
See IT system life cycle
security architecture effectiveness
security controls
security scopes
See Security scopes
security technology
mapping
assessment audit
audit report mapping
deficiency tracking and management
IT systems and security controls
multiple frameworks
prevention
processes
security capabilities
security scopes
technologies
validation audit reports
mobile and BYOD
always-on and always-connected
application security
asset management and supply chain
characteristics
conceptual architecture
data protection and cryptography
endpoint/server/device security
high availability/disaster recovery/physical protection
identity/authentication/access management
incident response
legal agreements for data protection
MDM
mobile platforms
monitoring/vulnerability/patch management
multi-factor authentication
network security
personal use and personal data
policy/audit/e-discovery/training
sensors and location awareness
systems administration
next-generation cyberdefense axioms
operations
See Cybersecurity operations
people/organization/budgets
preventive controls
procedural capabilities
processes/technologies
risk management process
assets
availability
confidentiality
integrity
risk evaluation
risk mitigation
risk treatment
security controls
threats
vulnerabilities
technological capabilities
security control
Cybersecurity effectiveness index (CSEIndex)
Cybersecurity operations
auditing and deficiency tracking process
functional areas
application security
asset management and supply chain
data protection and cryptography
endpoint/server/device security
high availability/disaster recovery/physical protection
identity/authentication/access management
incident response
monitoring/vulnerability/patch management
network security
policy/audit/e-discovery/training
systems administration
incident response process
information systems
IT operational process
operational process
operational responsibilities
business leadership
IT engineering
IT operations
IT strategy/architecture
security
process
account and access periodic re-certification
asset inventory and auditing IT assets
auditing and deficiency tracking
change control
configuration management database re-certification
control management
cyberintrusion response
emergency preparedness
password and key management
patch management and deployment
policies and policy exception management
privileged account activity audit
project and change security reviews
risk management
security monitoring
supplier reviews and risk assessments
vulnerability scanning
risk management process
vulnerability management process
Cybersecurity policy
compliance
guidance, functional area
application security
asset management and supply chain
audit, e-discovery, and training
data protection and cryptography
endpoint, server, and device security
high availability, disaster recovery, and physical protection
identity, authentication, and access management
incident response
monitoring, vulnerability, and patch management
network security
systems administration
purpose of
responsibilities
scope and applicability
security documentation
statement
Cybersecurity sample assessment
capabilities
decision-making
expert judgment
functional area capabilities
Level3_Index
maturity
measurement map
object characteristic measurement
object measurement equation
observed data
OMIndex
OM measurement pane
OM scoring matrix
operational processes
program assessment index
risk mitigations
security operations measurement pane
17 operational processes
single combined measurement
systems administration
113 capabilities
utilization
visualization and analysis
functional areas
assessment consideration
assessment security scope
comprehensiveness
effectiveness
expert judgment value scales
expert measurements
expert value judgments
functional area metrics
Level1_Index
Level2_Index
object characteristic
OM measurement pane
OM scoring matrix
risk mitigations
security operations metric
single combined measurement
value scales
visualization and analysis
risk mitigations
attack sequence step metrics
expert judgment
expert measurements
expert value judgments
Level1_Index
OM measurement pane
OM scoring matrix
risk impact reduction
risk probability reduction
single combined measurement
value scale
single security scope
D
Data protection and cryptography (DPC)
Defense
attack sequence
advanced and targeted attacks
command and control
data attackers
foothold
lateral movement
mission completion
privileges, escalating
processes
business costs and value
maximum allowable risk
security and productivity
security posture, effectiveness
security total cost
cybercastles
defeat attacks
design
detect attacks
detection rules
disrupt and delay attacks
incident response
maze vs. minefields
nested defenses
network segmentation
resiliency
security failure
chain escalation
endpoint security
system administration channels
Verizon report, inevitability
strong authentication
Developer operations (DevOps)
Developer security operations (DevSecOps)
Discrete value scales
E
Endpoint, server, and device security (ESDS)
Electronic Data Systems (EDS)
Enterprise cybersecurity
Enterprise cybersecurity architecture (ECSA)
application security
capabilities
definition
goal and objectives
threat vectors
assessment management and supply chain
capabilities
definition
goal and objectives
threat vectors
availability/disaster recovery/physical protection
capabilities
definition
goal and objectives
threat vectors
cyberattack and defense
automated response
before the internet
biological defense
casual attackers
down market
future evolution
harden host
layered defense and active response
nation-state attackers
professional attackers
protect network
cybersecurity assessments
cybersecurity capabilities
cybersecurity implementation
data protection and cryptography
capabilities
definition
goal and objectives
threat vectors
endpoint/server/device security
capabilities
definition
goal and objectives
threat vectors
framework
functional areas
identity/authentication/access management
capabilities
definition
goal and objectives
threat vectors
incident response
capabilities
definition
goal and objectives
threat vectors
monitoring/vulnerability/patch management
capabilities
definition
goal and objectives
threat vectors
network security
capabilities
containment
definition
goal and objectives
threat vectors
policy/audit/e-discovery/training
capabilities
definition
goal and objectives
threat vectors
systems administration
capabilities
definition
goal and objectives
threat vectors
Enterprise cybersecurity attack sequence
Enterprise cybersecurity program
Enterprise cybersecurity program management
assess assets, threats and risks
assessment phase
assess security status
assess risk mitigations, capabilities, and security operations
identify deficient areas
identify target security levels
prioritize remediation and improvements
collect operational metrics
cybersecurity improvements
assessment scores
business application servers
cybersecurity investments
general business users
HIPAA regulated systems
multiple scopes
PCI regulated systems
red-teaming threat scenarios
risk mitigations
security capabilities
security infrastructure
security operations
SOX regulated systems
elements
identify deficient areas
identify security scopes
identify target security levels
prioritize remediation and improvements
prioritizing improvement
assessment scores
factors
future/prioritizing projects
immediate/executing projects
multiple time periods
next year/resourcing projects
quantitative measurement
this year/preparing projects
resource and execute improvements
External-facing audit report
F
Full operating capability (FOC)
G
Global positioning system (GPS)
H
Health Insurance Portability and Accountability Act (HIPAA)
High availability, disaster recovery, and physical protection (HADRPP)
HIPAA regulated systems
I, J, K
Identity, authentication, and access management (IAAM)
capabilities
definition
goal and objectives
threat vectors
Incident response (IR) process
containment
detection
evidence collection
final report
identification
investigation
normal IT operations
remediation
repair gaps
report
validation
Indicators of compromise (IOC) cycle
Information Technology Infrastructure Library (ITIL)
Initial operating capability
Internal-facing audit report
IT system life cycle
architect
deploy
design
maintain
operate
retire
security policies
support
L
Lockheed Martin Kill chain
M
Mandiant attack life cycle
Mobile Device Management (MDM)
Monitoring, vulnerability, and patch management (MVPM)
capabilities
definition
goal and objectives
threat vectors
N
National Institute of Standards and Technologies (NIST) risk management
Network isolation
Network security (NS)
capabilities
definition
goal and objectives
threat vectors
O
Object measurement (OM)
See also Program measurement
cybersecurity-related measurements
policies and policy exception management
project and change security reviews
risk management
two-step measurement approach
displacement
equation
measurement map
enterprise cybersecurity program assessment
structure
principles
six-step methodology
expert judgment
observed data
steps
value scales
binary
discrete
expert judgment
no one set of terms
observed data
sliding
tick-mark labels
vectors
Observe Orient Decide Act (OODA) loop
OMIndex equation
Out-of-Band (OOB) management
P, Q
Payment Card Industry Digital Security Standards (PCI-DSS)
Payment Card Industry (PCI) standards
PCI regulated systems
Personal Card Industry (PCI)
Policy, audit, e-discovery, and training (PAET)
Program measurement
assessment
cyberattacks
measurement map
scopes
value scales
visualization
data observation
definition
functional areas
connectivity
expert judgment
value scales
program assessment index
risk mitigations
expert judgment
value scales
security controls
security operations
expert judgment
value scales
R
Recovery Point Objectives (RPO)
Recovery Time Objectives (RTO)
Risk-based method
Risk management process
assets
availability
confidentiality
integrity
risk evaluation
risk mitigation
risk treatment
security controls
threats
vulnerabilities
Risk mitigations
S
Sarbanes-Oxley (SOX)
Security Information and Event Management (SIEM)
Security Operations Center (SOC)
Security Technical Implementation Guides (STIGs)
Security scopes
business support
customer-facing
employee computing
identification
RMF steps
security and systems administration
selection
test and non-production
types
Simple Mail Transfer Protocol
Sliding value scales
SOX regulated systems
Systems administration
capabilities
definition
goal and objectives
threat vectors
T, U
Threat-based cybersecurity audits
Tick-mark labels value scale
V, W, X, Y, Z
Virtual private networking (VPN)