Analytic Approaches to Detect Insider Threat
Description: This whitepaper identifies how modern architectures can be used to collect data and invoke analytics to detect insider threats. The work expands upon published insider threat agent attack research by providing analytic indicators for early attack detection, and identifies the data needed for the analytics. The work presents a complete discussion of data sources within a representative system architecture and examines the use of “big data” architectures to capture, manage, and make the data accessible to analytic tools which power the insider threat analytics. The material is structured in a manner that facilitates organizational tailoring of the guidance based upon information technology limitations, legal authorities, corporate policies, business concerns, and workplace culture.
Security Tenets for Life Critical Embedded Systems
Description: Addresses antiquated, deficient security models for life critical embedded systems (LCES) and devices. This whitepaper captures and prioritizes core technical principles, or tenets, applicable across any industry or organization with LCES. The tenets may be used by system developers and operators to improve the overall security of such systems.
Cyber Resiliency Technical Guidance Documents
Description: This collection of 28 documents provides guidance on how an organization can best protect itself from cyber-attack. The material is written for C-suite decision makers (level 1) and technical implementers (level 2).
IT Sector Cyber Resilience White Paper
Description: This white paper explores resiliency from the public and private sector perspectives in order to better understand the commonalities and differences that Government and Industry have as they pertain to the cybersecurity and resilience of our critical infrastructure. The paper identifies areas where IT Sector stakeholders can coordinate resilience activities in building a cyber resilient critical infrastructure community.
DNS Risk Assessment
Description: This updated assessment of the Provide Domain Name Resolution Services and Provide Internet Routing, Access, and Connection Services Critical Functions Risk describes how specific existing and emerging threats, technologies, and standards affect the risk profiles of the IT Sector’s DNS and Internet routing critical functions.
Description: Cybersecurity defenders across government and industry face a daunting but serious reality that self-defense alone can no longer be the governing practice. The need for a clearly defined Collective Defense apparatus, built upon the foundation of trust between industry and government, has become an issue of both national security and economic necessity.
Internet of Things (IoT) Acquisition Guidance Document
Description: This document highlights areas of elevated risk resulting from the software-enabled and connected aspects of IoT technologies and their role in the physical world. It provides information on certain vulnerabilities and weaknesses, suggests solutions for common challenges, and identifies factors to consider before purchasing or using Internet of Things devices, systems, and services. The recommendations in the document are designed to improve the effectiveness of supply chain, vendor, and technology evaluations prior to the purchase of Internet of Things devices, systems, and services. Adoption of these recommendations by all organizations will help strengthen the Nation’s cyber resilience by ensuring the cybersecurity of IoT technologies is addressed throughout the acquisition lifecycle. The document was developed by a working group composed of members of the Information Technology (IT) Government Coordinating Council (GCC) and IT Sector Coordinating Council (SCC) to help stakeholders incorporate security considerations when acquiring Internet of Things devices, systems, and services.