🧩 ET Notes

Cyber Security Planning and Policies

14分钟阅读

Cyber Security Plan

  • A cyber security planning is the centerpiece of any effort to defend against attacks and mitigate risk in IT environments. 网络安全规划是防御攻击和减少IT环境中风险的核心工作。
  • A cyber security plan is a written document comprising information about an Organization’s security policies, strategies, procedures, and technologies an organization will rely on when seeking to implement successful cyber security programs. 网络安全计划是一份书面文件,其中包含有关组织的安全政策、战略、程序和技术的信息,组织将依赖这些信息来实施成功的网络安全计划。
  • The cyber security plan aims to ensure the integrity of operations and the security of the Organization’s critical assets. 网络安全计划的目标是确保操作的完整性以及组织关键资产的安全性。
  • Benefits of a Cybersecurity Plan
    1. Better Understanding of Risks: Organizations have extensively used cloud computing technology, mobile devices, the Internet of Things (IoT), Smart Wearables, and so on, which has led to substantial exposure to cyber-attacks and threats 更好地理解风险:组织广泛使用云计算技术、移动设备、物联网(IoT)、智能穿戴设备等技术,导致网络攻击和威胁暴露程度显著增加。
      • A cyber security plan will help organizations understand the current IT environment, allowing them to make the necessary amendments to secure it. 网络安全计划将帮助组织了解当前的IT环境,使其能够对安全性进行必要的调整。
    2. Enabling Proactive Protection: One of the main reasons that organizations fall prey to cybercrime is their reactive approach. 实现主动保护:组织成为网络犯罪受害者的主要原因之一是其被动应对方式。
      • Therefore, it is important to have a prevention plan and take proactive measures towards strengthening cyber security posture. 因此,制定预防计划并采取主动措施来增强网络安全态势至关重要。
      • The organization should always be prepared for worst-case scenarios. 组织应始终为最坏情况做好准备。
      • A fundamentally strong cyber security plan can be put in place, which comprises vulnerability analysis and penetration testing, security vulnerability scans, business continuity, and disaster recovery, which will enable an organization to manage security services as a proactive approach. 可实施一个基础强大的网络安全计划,包括漏洞分析和渗透测试、安全漏洞扫描、业务连续性和灾难恢复,从而使组织能够以主动方式管理安全服务。
    3. Respond Promptly: No organization is 100% secure, even with the strongest security solutions, some attacks will succeed. That is why having a cyber security response plan can be helpful. 快速响应:即使采用最强的安全解决方案,也没有任何组织能够百分百安全,一些攻击仍会成功。因此,制定网络安全响应计划非常有帮助。
      • Creating this plan means knowing exactly what steps to take in the event of a cyber-attack. 创建这一计划意味着在网络攻击发生时能明确知道采取哪些步骤。
    4. Necessary Compliance Requirements: In this highly regulated industry, relevant compliance standards and regulations are necessary to comply. 必要的合规性要求:在这个高度规范的行业中,相关的合规标准和法规是必需的。
      • Some of these are:
        • GDPR (General Data Protection Regulation) GDPR(通用数据保护条例)
        • PCI DSS (Payment Card Industry Data Security Standards) PCI DSS(支付卡行业数据安全标准)
        • HIPAA (Health Insurance Portability and Accountability Act) etc. HIPAA(健康保险携带和责任法案)等。
      • A cyber security plan guarantees utmost compliance and empowers the Enterprise to monitor all the best practices while consistently meeting industry principles and protocols. 网络安全计划可确保最高程度的合规性,使企业能够监控所有最佳实践,同时持续符合行业原则和协议。
    5. Prevent Insider Threats: Cyber security plan will make cyber security a part of the organizational culture and employees will engage themselves in cyber security awareness and training sessions; hence, there will be a declining trend for insider threats. 防止内部威胁:网络安全计划将使网络安全成为组织文化的一部分,员工将主动参与网络安全意识和培训活动;因此,内部威胁将呈下降趋势。

Dimensions of Cyber Security

  • There are two aspects of cyber security
    • Technical
      • Focus is on developing technical expertise and technologies for computer security 专注于开发计算机安全的技术专长和技术:
        • Encryption techniques 加密技术
        • Firewalls 防火墙
        • Biometric-based security technologies 基于生物识别的安全技术
    • Managerial
      • The focus is on developing security policies and procedures 专注于制定安全政策和程序:
        • Policies and mechanisms 政策和机制
        • Operational Issues 操作问题
        • Human Issues 人员问题

Cyber Security Policy

  • A cyber security policy is a set of guidelines and procedures that an organization puts in place to protect its assets and data to prevent cyber attacks and threats. 网络安全政策是一套组织制定的指导方针和程序,旨在保护其资产和数据,以防止网络攻击和威胁。
  • It outlines the measures that the organization will take to prevent and mitigate cyber attacks, and it specifies the roles and responsibilities of employees in maintaining the security of the organization’s systems and data. 它概述了组织为防止和减轻网络攻击将采取的措施,并明确了员工在维护组织系统和数据安全方面的角色和职责。

Cyber–Security Policy Examples

Access control policyPhysical security policy
Network security policyDisaster recovery and business continuity policy
Data security policyData classification policy
Password policyData retention policy
Acceptable use policyIncident response policy

How to Implement a Cyber–Security Policy?

  • Cyber security policy can be implemented by:

    • Identifying risks 识别风险
    • Learning from others 像其他人学习
    • Conforming to legal requirements 遵守法律要求
    • Including staff in policy development 员工参与政策制定
    • Training employees 培训员工
    • Setting clear penalties 制定明确的惩罚措施
    • Enforcing policies 执行政策
    • Installing required tools 安装需要的工具

  • Some ways to enforce cyber security policies within an organization include:

    • Communication: Clearly communicate cyber security policies to all employees to ensure they understand their responsibilities in maintaining the security of the organization. Providing training and resources for employees is critical to help them understand and adhere to the policies. 沟通:清楚地向所有员工传达网络安全政策,确保他们了解自己在维护组织安全中的责任。为员工提供培训和资源是帮助他们理解并遵守政策的关键。
    • Access Controls: Access controls help enforce cyber security policies by limiting access to systems and data to authorized users only. This can include processes such as user authentication and authorization or multifactor authentication. 访问控制:访问控制通过将系统和数据的访问权限限制给授权用户来帮助执行网络安全政策。这包括用户身份验证与授权以及多因素认证等过程。
    • Monitoring and Auditing: Regular monitoring and auditing of systems can help detect policy violations and identify areas where additional controls are required. 监控与审计:定期监控和审计系统有助于发现政策违规行为,并确定需要加强控制的领域。
    • Consequences: Consequences for policy violations are needed to enforce security policies. Without some disciplinary action in place employees will continue to operate under the assumption that they can get away with it. 惩罚措施:需要为违反政策的行为设置惩罚措施以执行安全政策。没有纪律行动的情况下,员工可能会继续认为可以逃避责任。

Cyber Security Approaches

![[Pasted image 20250402012230.png#pic_75center|]]

  • BOTTOM-UP APPROACH 自底向上方法
    • Systems administrators attempt to improve the security of their systems
      • 系统管理员尝试改进他们系统的安全性。
    • Key advantage: Technical expertise of the individual administrators 主要优点:个人管理员的技术专长。
    • Key disadvantage: Seldom works since it lacks critical features: 主要缺点:由于缺乏关键特征,通常效果不佳:
      • Participant support 参与者支持
      • Organizational staying power 组织的持久力
  • TOP-DOWN APPROACH 自顶向下方法
    • Initiated by upper management: 由高层管理人员发起:
      • Issue policy, procedures, and processes 发布政策、程序和流程。
      • Dictate the goals and expected outcomes of the project 明确项目的目标和预期成果。
      • Determine who is accountable for each required action 确定每个所需行动的责任人。
    • Advantages
      • Strong upper management support 强有力的高层管理支持。
      • Dedicated funding 专项资金支持。
      • Clear planning and chance to influence organizational culture 清晰的规划以及影响组织文化的机会。

Cyber Security Strategies

  • A cyber security strategy is a plan that involves selecting and implementing best practices to protect an organizations from internal and external cyber threats. 网络安全战略是一个计划,旨在选择和实施最佳实践,以保护组织免受内部和外部网络威胁。
  • In general, the purpose of most Cyber Security strategies are to identify, protect, detect, respond and recovery. 一般来说,大多数网络安全战略的目标包括:识别、保护、检测、响应和恢复
  • Digital Liability Management (DLM): Also known as “The Intersection of Policy and Technology”, focuses on the intersection of policy and technology and how, together, they can address the critical threats of a cyber world. 数字责任管理(DLM):又称为“政策与技术的交集”,专注于政策与技术的结合及其如何共同应对网络世界中的关键威胁。
    • Benefits of the top-down approach to implementation. 自上而下实施方法的好处。
    • Role of people, process and technology in security. 人员、流程和技术在安全中的作用。
    • The objective of the DLM approach DLM方法的目标:
      • To protect against the occurrence of intrusion and incidents. 防止入侵和事件的发生
      • To provide a good defense when they occur. 在发生时提供良好的防御
  • The four defense tiers help companies deal with the challenging threats and vulnerabilities. 四个防御层级帮助公司应对复杂的威胁和漏洞:
    • Tier 1: Senior management commitment and support 层级1:高层管理承诺与支持
    • Tier 2: Acceptable-use polices and other statements of practice 层级2:可接受使用政策及其他实践声明
    • Tier 3: Secure-use procedures 层级3:安全使用程序
    • Tier 4: Hardware, software and network security tools 层级4:硬件、软件和网络安全工具
  • Zero Trust Security + Defense In Depth 零信任安全 + 深度防御:
    • Zero Trust Implies, never trust, always verify 零信任意味着:永不信任,始终验证
    • Defense In-depth Strategy: The goal of implementing this strategy encompasses the layering of security defenses. 深度防御策略的目标是实施分层安全防御
  • Security strategies that are technology-centric or policy-centric will fail. 单一技术或单一政策导向的安全策略将失败:
  • Technology-centric strategies are weak without strong policies and practices. 技术导向的策略如果没有强大的政策和实践支持则较为薄弱。
  • Policy-centric strategies are ineffective without technology to monitor and enforce them. 政策导向的策略如果缺少监控和执行政策的技术支持则无效。
  • What is needed is a comprehensive multi faceted approach based on: 需要的是基于以下内容的综合多方面方法:
    • SENIOR MANAGEMENT SUPPORT 高层管理支持
    • POLICIES 政策
    • PROCESSES 流程
    • TECHNOLOGIES 技术
  • because all four play a vital role in the proper execution of a security program 因为这四个方面在安全计划的正确执行中都扮演着至关重要的角色

Cyber Security Relies on

  • Policies must be developed, communicated, maintained and enforced 政策必须制定、传达、维护并执行
  • Systems must be built to technically adhere to policy 系统必须构建为能够在技术上遵循政策
  • Processes must be developed that show how policies will be implemented 流程必须设计以展示如何实施政策
  • People must understand their responsibilities regarding policy 人员必须了解自己在政策方面的职责

关系图谱