Difference between revisions of "User:Shawndouglas/sandbox/sublevel3"

From LIMSWiki
Line 1: Line 1:
[[File:Cybersecurity Controls - Lunch N' Learn Session (37382400940).jpg|right|300px]]The planning is in the rear-view mirror, the implementation is complete, and your organization is nestled behind a warm layer of technological and process-based security. Pat yourselves on the back and call it "mission accomplished," right? Well, not quite. The mission of cybersecurity is never-ending, as is the adaptation and assault of cyber criminals. The final component of a successful cybersecurity plan involves monitoring and assessing the effectiveness of the plan, and updating it when necessary. This is where those performance indicators (5.4) you developed truly come into play. Based on your cybersecurity goals and objectives, those performance indicators are tied to monitoring systems, audit controls, and workflow processes. Questions worth asking include<ref name="DowningAHIMA17">{{cite web |url=https://journal.ahima.org/wp-content/uploads/2017/12/AHIMA-Guidelines-Cybersecurity-Plan.pdf |format=PDF |title=AHIMA Guidelines: The Cybersecurity Plan |author=Downing, K. |publisher=American Health Information Management Association |date=December 2017 |accessdate=23 July 2020}}</ref><ref name="LebanidzeGuide11">{{cite web |url=https://www.cooperative.com/programs-services/bts/documents/guide-cybersecurity-mitigation-plan.pdf |format=PDF |title=Guide to Developing a Cyber Security and Risk Mitigation Plan |author=Lebanidze, E. |publisher=National Rural Electric Cooperative Association, Cooperative Research Network |date=2011 |accessdate=23 July 2020}}</ref><ref name="LagoHowTo19">{{cite web |url=https://www.cio.com/article/3295578/how-to-implement-a-successful-security-plan.html |title=How to implement a successful cybersecurity plan |author=Lago, C. |work=CIO |publisher=IDG Communications, Inc |date=10 July 2019 |accessdate=23 July 2020}}</ref>:
<blockquote>By seeking and blundering we learn. - Johann Wolfgang von Goethe</blockquote>


* Do the indicators seem to be measuring what your organization intended?
Your organization has sought out being more aware of cybersecurity issues and has enacted a plan and controls to fight against various cybersecurity threats. Yet during that process your organization has also hopefully learned that no one is 100 percent secure. Incidents happen. Control settings get overlooked. Attack vectors change. When these issues come up, it takes more than fixing the problem to improve a process or system. The incident, overlooked process, or new knowledge must be analyzed, documented, and disseminated in order for everyone to learn and improve. This is why the organization must—in addition to monitoring and assessing the plan's effectiveness—document occasions of "blundering" and incorporate any new observations or lessons (e.g., using an after-action report) back into the current plan.<ref name="NARUCCyber18">{{cite web |url=https://pubs.naruc.org/pub/8C1D5CDD-A2C8-DA11-6DF8-FCC89B5A3204 |format=PDF |title=Cybersecurity Strategy Development Guide |author=Cadmus Group, LLC |publisher=National Association of Regulatory Utility Commissioners |date=30 October 2018 |accessdate=23 July 2020}}</ref> Which leads to...
* Are trends accurately being identified out of the data, or is the data simply confounding?
* Are the detection settings doing their job, or are attacks getting through that shouldn't be?
* Are appropriate cybersecurity test procedures and tools implemented and used by qualified personnel?
* Is enough data being captured and documented?
* Are emails and alerts actually being received and acted upon?
* Are too many false positives being generated?


==References==
==References==
{{Reflist|colwidth=30em}}
{{Reflist}}
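
Review bot: The paragraph beginning "Your organization has sought" ends on "Which leads to..." with only the References heading after it, so the sentence leads nowhere in this revision; either add the section it introduces or drop the trailing clause. The same change removes the list of monitoring questions (whether indicators measure what was intended, whether detection settings let attacks through, whether alerts are acted upon, whether too many false positives are generated) together with its three citations and the pointer to performance indicators (5.4), while the replacement text still tells the reader to monitor and assess the plan's effectiveness, so confirm that the removed checklist now lives in another section before this is saved.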

Revision as of 20:18, 16 February 2022

By seeking and blundering we learn. - Johann Wolfgang von Goethe

Your organization has sought to become more aware of cybersecurity issues and has enacted a plan and controls to fight against various cybersecurity threats. Yet during that process, your organization has also hopefully learned that no one is 100 percent secure. Incidents happen. Control settings get overlooked. Attack vectors change. When these issues come up, it takes more than fixing the problem to improve a process or system. The incident, overlooked process, or new knowledge must be analyzed, documented, and disseminated in order for everyone to learn and improve. This is why the organization must—in addition to monitoring and assessing the plan's effectiveness—document occasions of "blundering" and incorporate any new observations or lessons (e.g., using an after-action report) back into the current plan.[1] Which leads to...

References

  1. Cadmus Group, LLC (30 October 2018). "Cybersecurity Strategy Development Guide" (PDF). National Association of Regulatory Utility Commissioners. https://pubs.naruc.org/pub/8C1D5CDD-A2C8-DA11-6DF8-FCC89B5A3204. Retrieved 23 July 2020.