keypoints
August 3

Whack-a-Mole: The Never-Ending Game of Cyber Defense

The key points that give an idea of the doctrine (Cyber Defense Doctrine that Manages Risks: a Complete Applied Guide to Organizational Cyber Defense) are presented as follows:

πŸ“Œ Purpose (main): promotion Cyber Defense within the Israeli economy and is part of the national effort to protect civilian cyberspace

πŸ“Œ Purpose (secondary): aims to provide an orderly professional method for managing cyber risks in organizations. It helps organizations recognize relevant risks, formulate a defensive response, and implement a risk reduction plan accordingly.

πŸ“Œ Categories of Organizations: The categorization of two types based on the potential damage from a cyber incident (Category A includes organizations with medium-to-low potential for damage, while Category B includes organizations with a high potential for damage).

πŸ“Œ Risk Assessment and Management Process: different methods for risk assessment and management, depending on the organization's size, compliance with legal and regulatory requirements, and other parameters (e.g. with relatively small potential for damage up to USD 1.5 million and greater potential for damage).

πŸ“Œ Outcome: organizations will understand their organizational risk map and what controls are needed to reduce those risks. These controls will form the basis for building the work plan, allocating resources, and preparing the organization accordingly.

πŸ“Œ Principles of Defense Doctrine: management responsibility, defense from the adversary's view, defense based on Israeli knowledge and experience, defense in accordance with the potential for damage, and defense based on depth of implementation.

Areas of defense

There are five main areas into which cyber defense is divided are:

πŸ“Œ Identify: This function involves developing an organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.

πŸ“Œ Protect: This function outlines appropriate safeguards to ensure delivery of critical infrastructure services.

πŸ“Œ Detect: This function defines the appropriate activities to identify the occurrence of a cybersecurity event.

πŸ“Œ Respond: This function includes the appropriate activities to take action regarding a detected cybersecurity incident.

πŸ“Œ Recover: This function identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident

These functions were built in accordance with the NIST Cybersecurity Framework (CSF), which provides a high-level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes.

NIST Relation

The document uses the NIST CSF as a basis for its Control Bank. The Control Bank is a centralized set of cybersecurity recommendations divided into five main areas of cyber defense: Identify, Protect, Detect, Respond, and Recover.

The NIST CSF (National Institute of Standards and Technology Cybersecurity Framework) is a set of guidelines and best practices designed to help organizations manage and reduce cybersecurity risk. It provides a common language for understanding, managing, and expressing cybersecurity risk both internally and externally. The framework is composed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles.

These areas align directly with the five functions of the NIST CSF.

πŸ“Œ Identify – Develop an understanding of how to manage cybersecurity risk to systems, people, assets, data, and capabilities.

πŸ“Œ Protect – Implement safeguards to ensure delivery of critical services.

πŸ“Œ Detect – Identify the occurrence of a cybersecurity event.

πŸ“Œ Respond - Act regarding a detected cybersecurity incident.

πŸ“Œ Recover – Maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.