A. Amiruddin, Hafizh Ghozie Afiansyah, Hernowo Adi Nugroho
{"title":"使用NIST CSF v1.1、NIST SP 800-53 Rev. 5和CIS Controls v8进行网络风险管理规划","authors":"A. Amiruddin, Hafizh Ghozie Afiansyah, Hernowo Adi Nugroho","doi":"10.1109/ICIMCIS53775.2021.9699337","DOIUrl":null,"url":null,"abstract":"With the use of information systems as a means for supporting the success of missions and objectives of organizations increased, the protection towards assets against cyber risks needs to be considered and paid more attention. Cyber-risk management planning can be carried out as a means or approach to protect assets from the risks of cyber-attacks. As a supporting unit in XYZ, the IT Unit has the responsibility to manage the information systems, information technology, and their infrastructure and services within the XYZ system. However, the IT Unit has never conducted a cybersecurity evaluation so it does not yet have a plan for cybersecurity risk management. In this study, we tailored a cyber-risk plan for the IT Unit of XYZ using NIST CSF as the main framework and CIS Controls v8 and NIST SP 800-53 Rev 5 for defining controls and action recommendations. As the results, we found 42 risk scenarios in the IT Unit in which 12 are accepted and 30 are mitigated. There are 14 actions recommendation for the IT Unit to reach tier 3 based on 18 controls of CIS and 20 controls of NIST SP 800-53 rev 5 that can be applied to control the current cyber-risk.","PeriodicalId":250460,"journal":{"name":"2021 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Cyber-Risk Management Planning Using NIST CSF v1.1, NIST SP 800-53 Rev. 5, and CIS Controls v8\",\"authors\":\"A. Amiruddin, Hafizh Ghozie Afiansyah, Hernowo Adi Nugroho\",\"doi\":\"10.1109/ICIMCIS53775.2021.9699337\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With the use of information systems as a means for supporting the success of missions and objectives of organizations increased, the protection towards assets against cyber risks needs to be considered and paid more attention. Cyber-risk management planning can be carried out as a means or approach to protect assets from the risks of cyber-attacks. As a supporting unit in XYZ, the IT Unit has the responsibility to manage the information systems, information technology, and their infrastructure and services within the XYZ system. However, the IT Unit has never conducted a cybersecurity evaluation so it does not yet have a plan for cybersecurity risk management. In this study, we tailored a cyber-risk plan for the IT Unit of XYZ using NIST CSF as the main framework and CIS Controls v8 and NIST SP 800-53 Rev 5 for defining controls and action recommendations. As the results, we found 42 risk scenarios in the IT Unit in which 12 are accepted and 30 are mitigated. There are 14 actions recommendation for the IT Unit to reach tier 3 based on 18 controls of CIS and 20 controls of NIST SP 800-53 rev 5 that can be applied to control the current cyber-risk.\",\"PeriodicalId\":250460,\"journal\":{\"name\":\"2021 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-10-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICIMCIS53775.2021.9699337\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICIMCIS53775.2021.9699337","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Cyber-Risk Management Planning Using NIST CSF v1.1, NIST SP 800-53 Rev. 5, and CIS Controls v8
With the use of information systems as a means for supporting the success of missions and objectives of organizations increased, the protection towards assets against cyber risks needs to be considered and paid more attention. Cyber-risk management planning can be carried out as a means or approach to protect assets from the risks of cyber-attacks. As a supporting unit in XYZ, the IT Unit has the responsibility to manage the information systems, information technology, and their infrastructure and services within the XYZ system. However, the IT Unit has never conducted a cybersecurity evaluation so it does not yet have a plan for cybersecurity risk management. In this study, we tailored a cyber-risk plan for the IT Unit of XYZ using NIST CSF as the main framework and CIS Controls v8 and NIST SP 800-53 Rev 5 for defining controls and action recommendations. As the results, we found 42 risk scenarios in the IT Unit in which 12 are accepted and 30 are mitigated. There are 14 actions recommendation for the IT Unit to reach tier 3 based on 18 controls of CIS and 20 controls of NIST SP 800-53 rev 5 that can be applied to control the current cyber-risk.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
