
Natalie Sjelin (editor) - Establishing Cyber Security Programs Through the Community Cyber Security Maturity Model (CCSMM) (Advances in Information Security, Privacy, and Ethics)

Year: 2020. Publisher: IGI Global. Genre: Politics.



As society continues to heavily rely on software and databases, the risks for cyberattacks have increased rapidly. As the dependence on computers has become gradually widespread throughout communities and governments, there is a need for cybersecurity programs that can assist in protecting sizeable networks and significant amounts of data at once. Implementing overarching security policies for software systems is integral to protecting community-wide data from harmful attacks.

Establishing Cyber Security Programs Through the Community Cyber Security Maturity Model (CCSMM) is an essential reference source that discusses methods in applying sustainable cybersecurity programs and policies within organizations, governments, and other communities. Featuring research on topics such as community engagement, incident planning methods, and information sharing, this book is ideally designed for cybersecurity professionals, security analysts, managers, researchers, policymakers, students, practitioners, and academicians seeking coverage on novel policies and programs in cybersecurity implementation.

Chapter 1
The Community Cybersecurity Maturity Model (CCSMM)

ABSTRACT

Lessons learned from the community cyber security exercises showed common threads each community needed to focus on in order to improve the community's cyber security posture. These similarities were grouped into four areas of improvement called dimensions. The dimensions are awareness, information sharing, policies, and planning. The methods by which communities can implement improvements are called implementation mechanisms. These mechanisms are common approaches used every day, such as establishing metrics, implementing technologies, creating processes and procedures, and conducting training and assessments.

INTRODUCTION

Threats to communities have traditionally been thought of in terms of natural disasters. A number of U.S. cities have been severely damaged or completely destroyed by natural disasters. Galveston, Texas was hit by a category 4 hurricane in 1900, destroying nearly 4000 homes, all bridges to the mainland, telegraph lines, most ships in the wharf and even rail lines as far as 6 miles inland (Crezo, 2012). In 1906, San Francisco, California experienced an earthquake followed by fires. The initial tremors destroyed the city's water mains, leaving firefighters with no means of combating the growing blaze, which burned for several days and consumed much of the city (History.com, 2018). The St. Louis Tornado Disaster in 1927 killed 79 people and caused $1.8 billion in damage (adjusted) (Crezo, 2012). More recent disasters that should be noted here are Hurricane Katrina in 2005, which flooded 80% of New Orleans after the levees failed, and Superstorm Sandy, which affected New Jersey and New York in 2012. Sandy knocked out subway service in New York City and destroyed multi-million-dollar homes at the Jersey Shore (Harrington, 2018).

These early natural disasters led to the creation of the Federal Emergency Management Agency (FEMA) in 1979. The Federal Emergency Management Agency coordinates the federal government's role in preparing for, preventing, mitigating the effects of, responding to, and recovering from all domestic disasters, whether natural or man-made, including acts of terror (Fema.gov).

Since FEMA's inception, it has assumed a variety of roles, but it continues to maintain its original mission and over the years has produced many guides to help communities prepare for disasters. In 2012, FEMA published a guide called Threat and Hazard Identification and Risk Assessment Guide: Comprehensive Preparedness Guide (CPG) 201, First Edition. In this guide a table of threats and hazards was provided for jurisdictions to identify the risks most likely to impact their community. Identifying the threats helps the community focus its preparedness efforts and resources. The risks are categorized into three specific areas:

  • Natural: resulting from acts of nature
  • Technological: involves accidents or the failures of systems and structures
  • Human-caused: caused by the intentional actions of an adversary

Figure 1.

Notice in Figure 1, the list of threats has expanded beyond natural disasters. This table represents the recognition that communities potentially face many threats that once were not considered. Cyber incidents are also listed in this table under the human-caused threats. This is significant because it shows the federal government has recognized cyber incidents as a threat a community should prepare for and build capabilities to prevent, protect, mitigate, respond to and recover from.

In May of 2018, the 3rd Edition of the Comprehensive Preparedness Guide (CPG) 201 was published. The list of example threats was expanded, and the cyber references were changed to "cyber-attack against data" and "cyber-attack against infrastructure", as seen in Table 2. These examples suggest recognition that the cyber threat to a community can potentially impact systems that store data and any systems that are used to support the infrastructure.

Figure 2.

Once a community has identified the threats and hazards it faces, preparedness efforts can be planned, processes and procedures can be developed and implemented, and capabilities the community plans to achieve to manage the threats can be put in place. Exercises are then used to test the plans to see how well they work and are also used to assess existing capabilities needed to respond to an incident. There are different types of exercises that can be used to assess the community plans, processes, and capabilities. They are:

  • Walkthroughs, Workshops, or Orientation Seminars: Used to provide information regarding the response, continuity, and communications plans, and roles and responsibilities.
  • Tabletop Exercises: Facilitated discussion used to describe roles and response capabilities through scenarios provided.
  • Functional Exercises: Used to simulate an emergency situation, allowing personnel to perform their duties. This type of exercise tests the capabilities of the team and its processes, and shows the availability of resources needed.
  • Full-scale Exercises: Take place on location using personnel and equipment that would be needed to respond to an incident, and local businesses often participate. This type of exercise is the most realistic (Exercises, n.d.).

Exercises help the community recognize weaknesses it may have before an incident occurs: gaps in its capability to address an incident, resources that may be needed and whether those resources are available, and procedures that may be missing or should be changed.

This chapter describes the creation of the Community Cyber Security Maturity Model (CCSMM). The model was designed and created as a result of the lessons learned from many community and state cybersecurity tabletop exercises that were conducted from 2002 through 2008. Tabletop exercises were used because this method provides a platform to achieve maximum participation and low-cost execution. The use of tabletop exercises allows the participants to gain an awareness of the cyber threat, its potential impacts on the community, and allows the participants to recognize the gaps the community may have in their preparedness. The intent of the CCSMM is to provide a framework that can be used to develop a cybersecurity program for a community.

BACKGROUND

The Center for Infrastructure Assurance and Security (CIAS), a cybersecurity research center at the University of Texas at San Antonio (UTSA), was established in 2001. At that time, there was very little, if any, cybersecurity research or outreach being conducted at the university. The CIAS was the first center established to address cybersecurity initiatives. Through the CIAS, cybersecurity research was encouraged in the College of Computer Science, College of Business, and the College of Engineering. The first cybersecurity community outreach initiative accomplished by the CIAS was a tabletop exercise known as Darkscreen.

The Darkscreen tabletop exercise was the initial community cybersecurity exercise led by the CIAS. The exercise was the first of its kind, that we know of, and was conducted in San Antonio, Texas in the fall of 2002. The exercise scenario focused on fairly simple cybersecurity events. There were no physical attack events as part of this exercise. This is a significant point. The CIAS researchers believed that developing a cybersecurity exercise that excluded physical events would force the participants to focus on how they would handle a cybersecurity event. The idea was that if physical events were integrated into an exercise before participants were comfortable with cybersecurity events, they would focus all their attention on the events they understood and knew how to respond to. By developing an exercise that only contained cyber events, the participants would be able to focus their efforts on each cyber incident and have facilitated discussions about what each incident could potentially do to the organization, what response might be appropriate, and when to share information about a cyber incident.
