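The "Cybersecurity Situation Awareness" series from the Carnegie Mellon University Software Engineering Institute covers the basics and is a useful reference.
Hello, this is Mitsuhiko Maruyama.
The Carnegie Mellon University - Software Engineering Institute publishes a blog, and since 2019.09.09 it has run several posts on "Cybersecurity Situation Awareness". I think they cover the basics and make for interesting reading. If you are interested, by all means...
The explanation of Situation Awareness on Wikipedia is a useful reference.
The latest post, published on 2020.05.11, is about "Tools for Monitoring and Response".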
-----
・2020.03.23 Situational Awareness for Cybersecurity Architecture: Network Visibility by Timur Snoke
・2020.02.10 Engineering for Cyber Situational Awareness: Endpoint Visibility by Phil Groce
・2019.11.18 Situational Awareness for Cybersecurity: Three Key Principles of Effective Policies and Controls by Angela Horneman
・2019.10.16 Situational Awareness for Cybersecurity: Assets and Risk by Angela Horneman
・2019.09.09 Situational Awareness for Cybersecurity: An Introduction by Angela Horneman
-----
・2020.05.11 Situational Awareness for Cyber Security Architecture: Tools for Monitoring and Response by Tim Shimeall
Visibility into the activities within assets enables network security analysts to detect network compromises. Analysts monitor these activities directly on the device by means of endpoint visibility and in the communications going to and from the device on the network. In our earlier blog posts on cyber situational awareness (SA) for the enterprise, we discussed endpoint visibility and network visibility. However, endpoint and network visibility will do little good if analysts don't have tools to...
-----
・2020.03.23 Situational Awareness for Cybersecurity Architecture: Network Visibility by Timur Snoke
Network compromises cannot be detected without visibility into the activities within assets. Network security analysts can view these activities in one of two places (or sometimes both): directly on the device by means of endpoint visibility and in the communications going to and from the device; in other words, on the network. In our earlier blog post on cyber situational awareness (SA) for the enterprise, we discussed endpoint visibility. In this post, we turn our...
-----
・2020.02.10 Engineering for Cyber Situational Awareness: Endpoint Visibility by Phil Groce
This post was co-written by Timur Snoke. In this post, we aim to help network security analysts understand the components of a cybersecurity architecture, starting with how we can use endpoint information to enhance our cyber situational awareness. Endpoints collect a wealth of information valuable for situational awareness, but too often this information goes underutilized....
-----
・2019.11.18 Situational Awareness for Cybersecurity: Three Key Principles of Effective Policies and Controls by Angela Horneman
Security measures are most effective when it is clear how assets are supposed to be used and by whom. When this information is documented in clearly written organizational policies, these policies can then be implemented in the form of enforceable security controls. In this third post in our series of blog posts on cyber situational awareness for the enterprise, I discuss how policies and controls contribute to asset protection and to the know what should...
-----
・2019.10.16 Situational Awareness for Cybersecurity: Assets and Risk by Angela Horneman
This post was co-written by Lauren Cooper. When key business assets are not adequately protected from cybersecurity breaches, organizations can experience dire consequences. Lumin PDF, a PDF editing tool, recently had confidential data for its base of 24.3 million users published in an online forum. The personal data of almost every citizen of Ecuador was also recently leaked online. Data breaches exposed 4.1 billion records in the first six months of 2019, and data breaches...
-----
・2019.09.09 Situational Awareness for Cybersecurity: An Introduction by Angela Horneman
Situational awareness (SA) helps decision makers throughout an organization have the information and understanding available to make good decisions in the course of their work. It can be focused specifically on helping people and organizations protect their assets in the cyber realm or it can be more far reaching. SA makes it possible to get relevant information from across an organization, to integrate that information, and to disseminate it to help people make better decisions....
-----