Environmental Engineering Reference
during a time of crisis. As part of identifying cyber security requirements, include user agreements and notification and warning banners. Establish requirements to minimize the threat from malicious insiders, including the need for conducting background checks and limiting network privileges to those absolutely necessary.
17. Establish effective configuration management processes. A fundamental management process needed to maintain a secure network is configuration management. Configuration management must cover both hardware configurations and software configurations. Changes to hardware or software can easily introduce vulnerabilities that undermine network security. Processes are required to evaluate and control any change to ensure that the network remains secure. Configuration management begins with well-tested and documented security baselines for your various systems.
18. Conduct routine self-assessments. Robust performance evaluation processes are needed to provide organizations with feedback on the effectiveness of cyber security policy and technical implementation. A sign of a mature organization is one that is able to identify issues, conduct root-cause analyses, and implement effective corrective actions that address individual and systemic problems. Self-assessment processes that are normally part of an effective cyber security program include routine scanning for vulnerabilities, automated auditing of the network, and self-assessments of organizational and individual performance.
19. Establish system backups and disaster recovery plans. Establish a disaster recovery plan that allows for rapid recovery from any emergency (including a cyber attack). System backups are an essential part of any plan and allow rapid reconstruction of the network. Routinely exercise disaster recovery plans to ensure that they work and that personnel are familiar with them. Make appropriate changes to disaster recovery plans based on lessons learned from exercises.
20. Senior organizational leadership should establish expectations for cyber security performance and hold individuals accountable for their performance. Effective cyber security performance requires commitment and leadership from senior managers in the organization. It is essential that senior management establish an expectation for strong cyber security and communicate this to their subordinate managers throughout the organization. It is also essential that senior organizational leadership establish a structure for implementation of a cyber security program. This structure will promote consistent implementation and the ability to sustain a strong cyber security program. It is then important for individuals to be held accountable for their performance as it relates to cyber security. This includes managers, system administrators, technicians, and users/operators.