2014-2016:
Recent Sector Priorities
Recent IT SCC filings, comments, letters
2016 IT Sector Specific Plan
Resources
Insider Threat Whitepaper: “Analytic Approaches to Detect Insider Threat”
Posted on CMU SEI: http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=451065.
Description: This whitepaper identifies how modern architectures can be used to collect data and invoke analytics to detect insider threats. The work expands upon published insider threat agent attack research by providing analytic indicators for early attack detection, and identifies the data needed for the analytics. The work presents a complete discussion of data sources within a representative system architecture and examines the use of “big data” architectures to capture, manage, and make the data accessible to the analytic tools that power the insider threat analytics. The material is structured in a manner that facilitates organizational tailoring of the guidance based upon information technology limitations, legal authorities, corporate policies, business concerns, and workplace culture.
Life Critical Embedded Systems (LCES) Whitepaper: “Security Tenets for Life Critical Embedded Systems”
Posted on DHS’ public website: https://www.dhs.gov/publication/security-tenets-lces (pdf)
Description: Addresses antiquated, deficient security models for life critical embedded systems (LCES) and devices. This whitepaper captures and prioritizes core technical principles, or tenets, applicable across any industry or organization with LCES. The tenets may be used by system developers and operators to improve the overall security of such systems.
CRADM Cyber Resiliency Technical Guidance Documents
Posted on MITRE’s website: http://www2.mitre.org/public/industry-perspective
Description: This collection of 28 documents provides guidance on how an organization can best protect itself from cyber-attack. The material is written for C-suite decision makers (level 1) and technical implementers (level 2).
Institutional Documents
Archives