"After reviewing more than a year’s worth of community feedback, NIST has released a Draft of The NIST Cybersecurity Framework 2.0 for public comment! This draft represents a major update to the CSF—a resource first released in 2014 to help organizations reduce cybersecurity risk. The draft update reflects changes in the cybersecurity landscape and makes it easier to put the CSF into practice for all organizations. The CSF 2.0 draft reflects several major changes, including: an expanded scope, the addition of a sixth function, Govern, and improved and expanded guidance on implementing the CSF—especially for creating profiles."
https://www.nist.gov/news-events/news/2023/08/nist-drafts-major-update-its-widely-used-cybersecurity-framework
https://www.nist.gov/news-events/news/2023/08/nist-drafts-major-update-its-widely-used-cybersecurity-framework
CSRC | NIST
The NIST Cybersecurity Framework 2.0 (Draft)
The NIST Cybersecurity Framework 2.0 provides guidance to industry, government agencies, and other organizations to reduce cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless of…
Руководство по "теневой" ит-инфраструктуре от Британского ФСТЭКа (то чего нет в документах вашей организации но работает)
https://www.ncsc.gov.uk/guidance/shadow-it
https://www.ncsc.gov.uk/guidance/shadow-it
www.ncsc.gov.uk
Shadow IT
Managing 'unknown assets' that are used within an organisation.
Пошаговое руководство от CIS как сделать дорожную карту
https://learn.cisecurity.org/plan-cybersecurity-roadmap-guide
https://learn.cisecurity.org/plan-cybersecurity-roadmap-guide
learn.cisecurity.org
Cybersecurity Roadmap Guide
CIS SecureSuite Membership offers tools and resources to construct a comprehensive cybersecurity roadmap. Perfect for organizations, consultants, and product vendors, it provides assistance in fortifying systems, integrating best practices, and advancing
https://csrc.nist.gov/Projects/Cybersecurity-Framework/Filters#/csf/filters
"Today, NIST is officially unveiling our new Cybersecurity Framework (CSF) 2.0 Reference Tool. This resource allows users to explore the Draft CSF 2.0 Core (Functions, Categories, Subcategories, Implementation Examples) and offers human and machine-readable versions of the draft Core (in both JSON and Excel formats). Currently, the tool allows users to view and export portions of the Core using key search terms. This tool will ultimately enable users to create their own version of the CSF 2.0 Core with selected Informative References and will provide a simple and streamlined way for users to explore different aspects of the CSF Core. "
"Today, NIST is officially unveiling our new Cybersecurity Framework (CSF) 2.0 Reference Tool. This resource allows users to explore the Draft CSF 2.0 Core (Functions, Categories, Subcategories, Implementation Examples) and offers human and machine-readable versions of the draft Core (in both JSON and Excel formats). Currently, the tool allows users to view and export portions of the Core using key search terms. This tool will ultimately enable users to create their own version of the CSF 2.0 Core with selected Informative References and will provide a simple and streamlined way for users to explore different aspects of the CSF Core. "
Forwarded from Пост Лукацкого
Интересный портал https://dfiq.org/. Является базой знаний по расследованию инцидентов. Активно пополняется. На первой картинке интересный и живой пример - сотрудник компании подозревается в краже конфиденциальной информации. Какие признаки того, что сотрудник может скрывать свою деятельность? А какие индикаторы говорят о том, что утечка может произойти в будущем? Среди других рассматриваемых кейсов - подозрительные DNS-запросы, расширение плацдарма в инфраструктуре (Lateral Movement), компрометация облачной среды, сотрудник использует конфиденциальные данные совего бывшего работодателя на новом месте (ну какой же это инцидент - типичная история 😂 ), скрытие активности на скомпрометированном узле...
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM