NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT

OVERVIEW

The National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity (the NIST Framework) is a voluntary, risk-based cybersecurity framework: a set of industry standards and best practices to help organizations address and manage cybersecurity risk in a cost-effective way. Its goal is to help organizations ensure the availability and reliability of critical infrastructure, targeting utilities, energy, healthcare, financial services, manufacturing, etc. The NIST Framework is increasingly used by many organizations as the foundation for their security programs.

ObserveIT is an insider threat platform for the detection of and response to insider risks. The heart of ObserveIT's capabilities is the ability to detect suspicious and fraudulent activities on all layers of IT, both at the infrastructure and the business application level, and to allow the organization to implement its risk management policy through its built-in risk engine.

ObserveIT is built for compliance. It allows the policy and the recovery plans to be documented as part of its alerting facility, provides detailed yet highly user-friendly reporting and forensics capabilities that simplify investigations and audits, and enforces strict access controls on its own administrators to comply with regulations.

THE FRAMEWORK CORE

The Framework Core is a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. The Framework Core consists of five concurrent and continuous Functions: Identify, Protect, Detect, Respond, and Recover. When considered together, these Functions provide a high-level, strategic view of the lifecycle of an organization's management of cybersecurity risk. As an insider threat platform, ObserveIT addresses the bulk of the requirements for Detect and Respond. However, it also provides support for complying with the other core framework elements.

IDENTIFY (ID)

The Identify function is responsible for developing the organizational understanding of how to manage cybersecurity risk. It enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs.

Asset Management (ID.AM): ObserveIT can help with the inventory of software platforms and applications by providing a detailed activity log of assets used by users, including desktops, servers, and applications being accessed. The information can be collected through reports and can augment information received from identity management or asset management systems by providing the actual use of these assets by the users.

Business Environment (ID.BE): The organization's mission, objectives, stakeholders, and activities are understood and prioritized to inform cybersecurity roles, responsibilities, and risk management decisions. ObserveIT notifies employees of the security policy relating to the workstation they are logging in to and requires acknowledgement of reading the policy prior to allowing access. Live messages can also be sent directly to the end user machine.
Governance (ID.GV): The policies, procedures, and processes to manage and monitor the organization's regulatory, legal, risk, environmental, and operational requirements are understood. ObserveIT monitors the policy, and alerts are defined to detect violations, notifying the security role holders responsible for the procedures and coordinating with external partners. ObserveIT strictly protects the personal information of its monitored subjects by scoping monitoring by application and restricting the recording to activity logs only, without screen recording, to protect personal on-screen data.

Risk Assessment (ID.RA): The organization understands the cybersecurity risk to organizational operations. Alerts are defined in ObserveIT to detect asset vulnerability exploitation, and response actions are configured to notify and trigger incident management systems. Alerts are configured with a risk score based on the organization's risk assessment process.

Risk Management Strategy (ID.RM): The risk management process is established by assigning risk scores in ObserveIT's risk model to policy violation alerts. Organizational risk tolerance thresholds are defined and aggregated. Specific response actions can be triggered to inform role holders of violations.

PROTECT (PR)

The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event.

Access Control (PR.AC): ObserveIT can limit access to assets and associated facilities to authorized users, processes, or devices, and limit users to authorized activities and transactions within these assets, using secondary authentication and service desk integration. Remote access over a Terminal Server or Citrix can be managed and monitored. Access permissions are managed, incorporating the principles of least privilege and separation of duties, by triggering alerts in ObserveIT for violations of access both in IT systems and in business applications.
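The risk model described under ID.RA and ID.RM above (a risk score per policy-violation alert, aggregated per user and compared against organizational tolerance thresholds that trigger response actions) can be illustrated with a small engine. This is an added example, not ObserveIT's own code or risk model; the rule names, scores, thresholds, response actions and the activity events are all constructed for illustration.

```python
"""Toy insider-risk engine: score policy-violation alerts, aggregate risk per
user over a trailing window, and map the aggregate to a response action via
risk-tolerance thresholds. Added example; not ObserveIT code. Every rule,
score, threshold and event below is constructed (hypothetical)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Rule:
    """An alert rule carrying the risk score assigned during risk assessment,
    plus the impact description and required action shown with the alert."""
    name: str
    risk_score: int
    impact: str
    required_action: str


# Constructed rule set (hypothetical names and scores).
RULES: Dict[str, Rule] = {
    "config_file_modified": Rule("config_file_modified", 30,
        "Integrity of a server configuration file may be compromised",
        "Review the recorded session and verify the change against a ticket"),
    "usb_copy": Rule("usb_copy", 40,
        "Possible data transfer to removable media",
        "Confirm which files were copied and notify the data owner"),
    "prod_login_no_ticket": Rule("prod_login_no_ticket", 50,
        "Production access without an approved service ticket",
        "Terminate the session and open an incident"),
    "policy_ack_declined": Rule("policy_ack_declined", 10,
        "User declined the security policy acknowledgement",
        "Record the event and inform the user's manager"),
}

# Constructed risk-tolerance thresholds: aggregate score -> response action.
THRESHOLDS: List[Tuple[int, str]] = [
    (100, "open_incident_and_terminate_sessions"),
    (60, "notify_security_team"),
    (25, "notify_manager"),
]


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    host: str
    rule: str


def describe_alert(event: Event, rules: Dict[str, Rule] = RULES) -> str:
    """Render an alert with its impact and required action, as a responder
    would see it. Unknown rules are reported rather than raising."""
    rule = rules.get(event.rule)
    if rule is None:
        return f"{event.ts:%Y-%m-%d %H:%M} {event.user}@{event.host}: unknown rule {event.rule!r}"
    return (f"{event.ts:%Y-%m-%d %H:%M} {event.user}@{event.host}: {rule.name} "
            f"(risk {rule.risk_score}) | impact: {rule.impact} | action: {rule.required_action}")


def aggregate_risk(events, rules=RULES, window=timedelta(hours=24), now=None):
    """Sum the risk scores of each user's alerts within the trailing window.
    Events outside the window or referencing an unknown rule are skipped."""
    now = now or max(e.ts for e in events)
    cutoff = now - window
    totals = defaultdict(int)
    for e in events:
        if e.ts < cutoff or e.rule not in rules:
            continue
        totals[e.user] += rules[e.rule].risk_score
    return dict(totals)


def response_action(score: int, thresholds=THRESHOLDS) -> str:
    """Pick the action for the highest threshold the score reaches."""
    for limit, action in sorted(thresholds, reverse=True):
        if score >= limit:
            return action
    return "none"


def evaluate(events, rules=RULES, thresholds=THRESHOLDS, **kw):
    """Per user: (aggregate score, triggered response action)."""
    scores = aggregate_risk(events, rules, **kw)
    return {u: (s, response_action(s, thresholds)) for u, s in scores.items()}


# Constructed sample activity (hypothetical users, hosts and times).
T0 = datetime(2017, 3, 1, 9, 0)
SAMPLE_EVENTS = [
    Event(T0, "alice", "srv-db-01", "config_file_modified"),
    Event(T0 + timedelta(hours=1), "alice", "ws-alice", "usb_copy"),
    Event(T0 + timedelta(minutes=30), "alice", "ws-alice", "unknown_rule"),  # skipped
    Event(T0 - timedelta(hours=1), "bob", "srv-app-02", "prod_login_no_ticket"),
    Event(T0 + timedelta(hours=2), "bob", "srv-app-02", "prod_login_no_ticket"),
    Event(T0 + timedelta(minutes=30), "carol", "ws-carol", "policy_ack_declined"),
    Event(T0 - timedelta(days=3), "dave", "ws-dave", "usb_copy"),  # outside 24h window
]
RESULT = evaluate(SAMPLE_EVENTS)

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(describe_alert(e))
    for user, (score, action) in sorted(RESULT.items()):
        print(f"{user}: aggregate risk {score} -> {action}")
```

The window and thresholds are the two knobs an organization's risk tolerance sets: a single low-score event never escalates, while repeated production logins without a ticket cross the incident threshold within the day. Keeping the impact and required action on the rule, rather than in the responder's head, is what makes the alert self-documenting for the investigation.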
Awareness and Training (PR.AT): ObserveIT assists with awareness and training by notifying employees of the security policy relating to the workstation they are logging in to and requiring acknowledgement of reading the policy prior to allowing access. Live messages can be sent directly to the end user machine notifying them to stop any out-of-policy activities. Privileged users and third-party users can receive a message on login regarding their responsibilities when using a privileged account.

Data Security (PR.DS): ObserveIT monitors access to data within applications, alerts on misuse, and provides proof of who viewed the data. ObserveIT installed on desktops captures and records on-screen email and messenger communication to allow effective enforcement of information transfer policies and provide protection against data breaches. Integrity checking can be achieved by setting alerts on specific configuration files to notify and record any changes made. ObserveIT's ticketing integration can enforce separation of access for developers who are not permitted to log in to production systems, and can monitor access to production for maintenance and troubleshooting purposes.

Information Protection Processes and Procedures (PR.IP): The NIST Framework requires that security policies, processes, and procedures are maintained and used to manage protection of information systems and assets. ObserveIT integrates with service management tools such as Remedy and ServiceNow to facilitate the automation of your IT processes, and is fully compliant in how it manages and audits its own administrators.
Maintenance (PR.MA): Maintenance and repairs of industrial control and information system components need to be performed consistent with policies and procedures. ObserveIT records all user activities on desktops, in applications, and on servers, monitoring the maintenance process and providing all of the information required for investigation if needed. ObserveIT is used broadly to monitor external service providers, either by monitoring the gateway through which external providers gain access to the environment or by selectively monitoring external service providers on internal servers and workstations.

Protective Technology (PR.PT): Technical security solutions need to be managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements. Audit/log records are determined, documented, implemented, and reviewed with ObserveIT. ObserveIT records all user activity, including in applications that do not produce logs, as well as access to removable media. Access to systems and assets is controlled, incorporating the principle of least functionality, through ObserveIT's integration with ticketing systems, which can limit access based on an active, approved service ticket. By monitoring all activities on the systems, including granular recording of SFTP communications and commands, ObserveIT protects communications and control networks.

DETECT (DE)

The Detect Function enables timely discovery of cybersecurity events, including: Anomalies and Events; Security Continuous Monitoring; and Detection Processes.

Anomalies and Events (DE.AE): Anomalous activity is detected in real time by ObserveIT alerts. Alerts are configured to include the description of the impact of the event and the required actions for ease of investigation.
A baseline of network operations and expected data flows for users and systems is established by ObserveIT monitoring user activities in business applications and IT infrastructure, creating indexed, searchable activity logs and recorded sessions that can be used to establish a baseline of expected behavior. Alerts are configured to detect attack methods and targets. ObserveIT collects user activity from multiple sources, including OS access, client and web applications, desktops, servers, etc. The information can also be exported into an aggregator tool such as a SIEM.

Security Continuous Monitoring (DE.CM): The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures. ObserveIT records all user activity on desktops, in applications, and on servers to monitor personnel activity, detect potential cybersecurity events, and provide alerts on unauthorized activities. External service provider activity is monitored either at the gateway through which external providers gain access to the environment or by selectively monitoring the external service providers' users on the actual machines.

Detection Processes (DE.DP): Detection processes and procedures are maintained and tested to ensure timely and adequate awareness of anomalous events. ObserveIT provides a robust framework within the product for the documentation and communication of the policy to personnel and decision makers. ObserveIT alerts are configured to provide email notification to the respective security personnel. Detection activities may sometimes challenge privacy regulations. ObserveIT strictly protects the personal information of its monitored subjects by scoping monitoring by application, restricting the recording to activity logs only, without screen recording, to protect personal on-screen data, and providing strict access controls on viewing sessions.

RESPOND (RS)

Organizations are required to develop and implement the appropriate activities to take action regarding a detected cybersecurity event. The Respond Function supports the ability to contain the impact of a potential cybersecurity event.

Analysis (RS.AN): Analysis is conducted to ensure adequate response and support recovery activities. ObserveIT alerts are configured to include the description of the impact of the event and the required actions, and can be categorized accordingly. When an alert is generated, all of the information required for investigation is available within the ObserveIT Web Console, so the impact of the alert is understood. Forensic investigation is enabled since recorded sessions and logs are stored securely and provide full chain of custody on exactly what happened during an incident. ObserveIT has an intuitive user interface that doesn't require any special skills.

Mitigation (RS.MI): Activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident. Newly identified vulnerabilities can easily be set as alerts in ObserveIT, including their risk score, which serves as the needed documentation of the improvement process.

Improvements (RS.IM): Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities. The security alerts within ObserveIT are easily updated as new vulnerabilities or social engineering patterns are identified.

RECOVER (RC)

The Recover Function supports timely recovery to normal operations to reduce the impact from an event.

Recovery Planning (RC.RP): Recovery processes and procedures are executed and maintained to ensure timely restoration of systems or assets affected by cybersecurity events.
ObserveIT's integration with service desk systems can initiate and fully integrate the execution of a recovery plan.

Improvements (RC.IM): Recovery planning and processes are improved by incorporating lessons learned into future activities. ObserveIT provides an intuitive forensics and analysis tool to help learn from past events and easily update the security alerts with new vulnerabilities or lessons learned, both from a detection perspective and by updating the recovery steps added to alerts.

SUMMARY

ObserveIT protects against cyber threats by providing an adaptive security framework that supports the activities and guidelines defined by the NIST Framework. It identifies cybersecurity targets and threats by detecting advanced threats at both the IT system level and the business application level. ObserveIT protects against these threats through active and passive controls, detects and responds to the risks with advanced alerting and forensics capabilities, and finally helps recover from breaches by integrating into the recovery plans and systems.
For a more detailed description of how ObserveIT handles each of the framework's controls, and for technical information about the product features, please visit www.observeit.com/resources.
ABOUT OBSERVEIT

ObserveIT is an insider threat solution. With ObserveIT, security and compliance teams can detect and respond to authorized users doing unauthorized things. ObserveIT protects enterprises from data loss, fraud and IP theft across third parties, privileged users, and business users while maintaining privacy. ObserveIT analyzes exactly what the user does during a session, using our proprietary metadata and contextual screen captures to assign the most accurate risk score to users and eliminate false positives from normal activity. We provide immediate notification and real-time calculation of users' risk. When a risky action is performed, such as exporting confidential customer information or accessing resources they shouldn't be accessing, the user gets a score based on the severity of the activity. Our user behavior analytics and risk scoring prioritize internal investigation so security teams can focus on which users are actually putting your business at risk, at enterprise scale. ObserveIT is trusted by over 1,200 customers in 70 countries across all verticals. For more information on ObserveIT, visit www.observeit.com, or find us on Twitter @ObserveIT.

Start monitoring in minutes, free: www.observeit.com/tryitnow