|
|
| (21 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| {{Saved book | | <div class="nonumtoc">__TOC__</div> |
| |title=Comprehensive Guide to Developing and Implementing a Cybersecurity Plan
| | {{ombox |
| |subtitle=
| | | type = notice |
| |cover-image=
| | | style = width: 960px; |
| |cover-color=#f1e2d3
| | | text = This is sublevel23 of my sandbox, where I play with features and test MediaWiki code. If you wish to leave a comment for me, please see [[User_talk:Shawndouglas|my discussion page]] instead.<p></p> |
| | setting-papersize = A4
| |
| | setting-showtoc = 1
| |
| | setting-columns = 1
| |
| }} | | }} |
|
| |
|
| ==''Comprehensive Guide to Developing and Implementing a Cybersecurity Plan''== | | ==Sandbox begins below== |
| '''Title''': ''Comprehensive Guide to Developing and Implementing a Cybersecurity Plan''
| |
| | |
| '''Author for citation''': Shawn E. Douglas
| |
| | |
| '''License for content''': [https://creativecommons.org/licenses/by-sa/4.0/ Creative Commons Attribution-ShareAlike 4.0 International]
| |
| | |
| '''Publication date''': January 2020
| |
| | |
| Look across the internet and you will find a wealth of information about cybersecurity and the cybersecurity plan. However, much of that information is either disparate or, if comprehensive, difficult to access or expensive to acquire. In particular, a walk-through of the various steps involved with how an organization or individual develops, enforces, and maintains a cybersecurity plan is difficult to come by. This guide attempts to fill that gap, including not only a 10-step walk-through but also insight into regulations, standards, and cybersecurity standards frameworks, as well as how they all fit together with cybersecurity planning. This guide also includes a slightly simplified version of many of the security controls found in the National Institute of Standards and Technology's Special Publication 800-53, with additional resources to provide context, and mappings to LIMSpec, an evolving set of specifications for laboratory informatics solutions and their development. The guide attempts to be helpful to most people attempting to navigate the challenges of cybersecurity planning, with a slight bias towards laboratories implementing and updating information systems.
| |
| | |
| :[[User:Shawndouglas/sandbox/sublevel24|1. What is a cybersecurity plan and why do you need it?]]
| |
| :[[User:Shawndouglas/sandbox/sublevel25|2. What are the major regulations and standards dictating cybersecurity action?]]
| |
| ::2.1 Cybersecurity standards frameworks
| |
| :[[User:Shawndouglas/sandbox/sublevel26|3. Fitting a cybersecurity standards framework into a cybersecurity plan]]
| |
| :[[User:Shawndouglas/sandbox/sublevel27|4. NIST Special Publication 800-53, Revision 4 and the NIST Cybersecurity Framework]]
| |
| ::4.1 NIST Cybersecurity Framework
| |
| :[[User:Shawndouglas/sandbox/sublevel28|5. Develop and create the cybersecurity plan]]
| |
| ::5.1. Develop strategic cybersecurity goals and define success
| |
| ::5.2 Define scope and responsibilities
| |
| ::5.3 Identify cybersecurity requirements and objectives
| |
| ::5.4 Establish performance indicators and associated time frames
| |
| ::5.5 Identify key stakeholders
| |
| ::5.6 Determine resource needs
| |
| ::5.7 Develop a communications plan
| |
| ::5.8 Develop a response and continuity plan
| |
| ::5.9 Establish how the overall cybersecurity plan will be implemented
| |
| ::5.10 Review progress
| |
| :[[User:Shawndouglas/sandbox/sublevel28|6. Closing remarks]]
| |
| :[[User:Shawndouglas/sandbox/sublevel28|Appendix 1. A simplified description of NIST Cybersecurity Framework controls, with ties to LIMSpec]]
| |
| ::Appendix 1.1 Access control
| |
| ::Appendix 1.2 Awareness and training
| |
| ::Appendix 1.3 Audit and accountability
| |
| ::Appendix 1.4 Security assessment and authorization
| |
| ::Appendix 1.5 Configuration management
| |
| ::Appendix 1.6 Contingency planning
| |
| ::Appendix 1.7 Identification and authentication
| |
| ::Appendix 1.8 Incident response
| |
| ::Appendix 1.9 Maintenance
| |
| ::Appendix 1.10 Media protection
| |
| ::Appendix 1.11 Physical and environmental protection
| |
| ::Appendix 1.12 Planning
| |
| ::Appendix 1.13 Personnel security
| |
| ::Appendix 1.14 Risk assessment
| |
| ::Appendix 1.15 System and services acquisition
| |
| ::Appendix 1.16 System and communications protection
| |
| ::Appendix 1.17 System and information integrity
| |
| | |
| <!--Place all category tags here-->
| |
| [[Category:LIMSwiki books on software]]
| |
