SP 1800-26 Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events
Hello, this is Mitsuhiko Maruyama.
NIST has published SP 1800-26.
It is guidance on detecting and responding to destructive events such as malware.
● NIST - ITL
・[PDF] SP 1800-26
Related NIST Publications:
SP 1800-11 Data Integrity: Recovering from Ransomware and Other Destructive Events
SP 1800-25 Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events
Abstract
Ransomware, destructive malware, insider threats, and even honest mistakes present an ongoing threat to organizations that manage data in various forms. Database records and structure, system files, configurations, user files, application code, and customer data are all potential targets of data corruption and destruction.
A timely, accurate, and thorough detection and response to a loss of data integrity can save an organization time, money, and headaches. While human knowledge and expertise is an essential component of these tasks, the right tools and preparation are essential to minimizing downtime and losses due to data integrity events. The NCCoE, in collaboration with members of the business community and vendors of cybersecurity solutions, has built an example solution to address these data integrity challenges. This project details methods and potential tool sets that can detect, mitigate, and contain data integrity events in the components of an enterprise network. It also identifies tools and strategies to aid in a security team’s response to such an event.
・2020.12.08 Cybersecurity Practice Guides for Securing Data Integrity Against Ransomware Attacks
■ References
● まるちゃんの情報セキュリティ気まぐれ日記
・2020.01.29 NIST SP 1800-26(Draft) Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events
・2020.12.09 SP 1800-25 Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events
・2020.01.29 NIST SP 1800-25(Draft) Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events
Provisional translation of the table of contents:

Original | Provisional Japanese translation
--- | ---
1 Summary | 1 まとめ
1.1 Challenge | 1.1 チャレンジ
1.2 Solution | 1.2 解決策
1.3 Benefits | 1.3 メリット
2 How to Use This Guide | 2 このガイドの使い方
2.1 Typographic Conventions | 2.1 表示の凡例
3 Approach | 3 アプローチ
3.1 Audience | 3.1 対象者
3.2 Scope | 3.2 範囲
3.3 Assumptions | 3.3 前提条件
3.4 Risk Assessment | 3.4 リスクアセスメント
3.4.1 Risk | 3.4.1 リスク
3.4.2 Security Control Map | 3.4.2 セキュリティ制御マップ
3.5 Technologies | 3.5 技術
4 Architecture | 4 アーキテクチャ
4.1 Architecture Description | 4.1 アーキテクチャの説明
4.1.1 High-Level Architecture | 4.1.1 ハイレベルアーキテクチャ
4.1.2 Architecture Components | 4.1.2 アーキテクチャコンポーネント
5 Security Characteristic Analysis | 5 セキュリティ特性分析
5.1 Assumptions and Limitations | 5.1 前提条件と限界
5.2 Build Testing | 5.2 ビルドテスト
5.3 Scenarios and Findings | 5.3 シナリオと結果
5.3.1 Ransomware via Web Vector and Self-Propagation | 5.3.1 ウェブベクターと自己増殖によるランサムウェア
5.3.2 Destructive Malware via USB Vector | 5.3.2 USBベクターを介した破壊的なマルウェア
5.3.3 Accidental VM Deletion via Maintenance Script | 5.3.3 メンテナンススクリプトによる偶発的なVMの削除
5.3.4 Backdoor Creation via Email Vector | 5.3.4 メールベクターによるバックドア作成
5.3.5 Database Modification via Malicious Insider | 5.3.5 悪意のあるインサイダーによるデータベースの改ざん
5.3.6 File Modification via Malicious Insider | 5.3.6 悪意のあるインサイダーによるファイル改ざん
5.3.7 Backdoor Creation via Compromised Update Server | 5.3.7 危殆化したアップデートサーバによるバックドア作成
6 Future Build Considerations | 6 今後のビルドの検討事項
Appendix A List of Acronyms | 付録 A 頭字語一覧
Glossary | 用語集
Appendix C References | 付録C 参考文献
Appendix D Functional Evaluation | 付録D 機能評価
D.1 Data Integrity Functional Test Plan | D.1 データ整合性機能テスト計画
D.2 Data Integrity Use Case Requirements | D.2 データインテグリティのユースケース要件
D.3 - 9 Test Case: Data Integrity DR-1 - 7 | D.3 - 9 テストケース・データの完全性 DR-1 - 7