Red Team Development and Operations: A Practical Guide
Joe Vest and James Tubberville, Red Team Development and Operations
Identify – The Identify function is foundational for effective use of the Framework. The organization has associated business context, functions, assets, people, and technologies with potential weaknesses, vulnerabilities, and threats in order to ascertain risk.
Protect – The Protect function supports the ability to limit or contain the impact of a potential cybersecurity event. The organization is prepared and configured to prevent intrusion, exploitation, or manipulation of information.
Detect – The Detect function enables the timely discovery of cybersecurity events. The organization conducts reliable monitoring and identification of unauthorized activity or entities.
Respond – The Respond function supports the ability to contain the impact of a potential cybersecurity incident. The organization performs accurate identification and analysis of detected activities, resulting in effective reporting and response.
Recover – The Recover function supports timely recovery to normal operations to reduce the impact from a cybersecurity incident. Capabilities are effectively restored when operational processes/productions have been impaired.

This diagram helps illustrate IPDRR coverage per engagement type.
Vulnerability assessments give an organization a way to measure or understand its ability to identify or protect against a threat. This is useful, but it does not provide the means to understand security operations as a whole. Vulnerability assessments tend to focus on preventive controls.
Because penetration tests focus on attack path validation, they can be used to measure not only identification or protection but also detection of threat activity, and possibly some degree of response. In general, penetration tests are scoped for maximum coverage in a relatively short time. These tests lead to further understanding of protection and detection against threat activity but do little to measure response or recovery.
Red Teaming allows an organization to explore all aspects of threat activity fully. Red Teaming provides the stimulation needed to engage security operations as a whole. An organization can employ Red Teaming to enable security operations (the Blue Team) to exercise their TTPs across identification, protection, detection, response, and recovery from a threat. The level of measurement is shaped by the engagement plan and determined by the goals.