This book presents a unique, step-by-step approach for monitoring, detecting, analyzing and mitigating complex network cyber threats. It includes updated processes in response to asymmetric threats, as well as descriptions of the current tools to mitigate cyber threats.
Featuring comprehensive computer science material on establishing a complete network baseline, including characterization of the hardware and software configuration, the book also identifies potential emerging cyber threats and the vulnerabilities of the network architecture, providing students with a guide to responding to threats.
The book is intended for undergraduate and graduate college students who are unfamiliar with the cyber paradigm and the processes for responding to attacks.
Author(s): Fiedelholtz
Series: Studies in Systems, Decision and Control, 274
Publisher: Springer
Year: 2020
Language: English
Pages: 97
City: Cham
Preface
Acknowledgements
Introduction
Chapter 1 Pre-incident Planning and Analysis
Chapter 2 Incident Detection and Characterization
Chapter 3 Vulnerability/Consequence Analysis
Chapter 4 Incident Response and Recovery
Chapter 5 Cloud Architecture
Chapter 6 Lessons Learned
Contents
List of Figures
1 Pre-incident Planning and Analysis
1.1 Steady-State and Continuous Monitoring
2 Incident Detection and Characterization
2.1 Detection
2.2 Threat Analysis
2.3 Malware Analysis
2.4 Cyber Incident Threat Information Process
References
3 Vulnerability/Consequence Analysis
3.1 Information Sharing
3.2 Vulnerability/Consequence Analysis
3.2.1 Collect Cyber Data
3.2.2 Physical Analysis of Cyber Controlled/Reliant Systems
3.3 Dependency/Interdependency Analysis
3.3.1 Identify Internal Impacts
3.3.2 Identify External Impacts
3.4 Analysis Reporting
References
4 Incident Response and Recovery
4.1 Information Sharing
4.1.1 Cyber Incident Response
4.1.2 Notify Authority of Cyber Operation Center
4.1.3 Review and Provide Feedback from the Cyber Operational Center
4.1.4 Coordinate for Cyber-Physical Analysis
4.1.5 Produce and Share Analysis
4.1.6 Provide Situational Awareness
4.2 Mitigation Activities
4.2.1 Identify and Review Physical System Configuration
4.2.2 Estimate Recovery of the Systems
4.2.3 Develop and Implement Courses of Action
4.3 Response and Recovery
4.3.1 Describe Resiliency of the Infrastructure in Question to Determine Response and Recovery Action Plans
4.3.2 Identify Constraints and/or Limitations of the Response and Recovery Action Plans
4.3.3 Project Timeframe for Response and Recovery Plans
4.3.4 Local, State, Regional, and National Consequences
4.3.5 Qualitative/Quantitative Likelihood and Consequence of Disruption Event Response
4.3.6 Product Distribution
4.4 Cyber-Physical Digital Media Analysis
References
5 Cloud Architecture
5.1 Cloud Service Models
5.2 Deployment Models
5.3 Amazon Web Services (AWS) Cloud Models
5.4 Azure Microsoft Web Services Cloud Models
6 Lessons Learned
Reference
Appendix A Cyber Network Hardware and Software Operating Procedure (SOP)
Appendix B Cyber-Physical Mapping Framework Analysis Process Matrix
Appendix C OWASP Top Ten Cyber Attacks
Appendix D Structured Threat Information EXpression (STIX™)
D.1 STIX™
D.2 CybOX™
D.3 TAXII™
Appendix E Open Systems Interconnection (OSI) Reference Model
E.1 Physical Layer
E.2 Data Link Layer
E.3 Network Layer
E.4 Transport Layer
E.5 Session Layer
E.6 Presentation Layer
E.7 Application Layer
E.8 The User
Appendix F Cybersecurity Tools
Appendix G Acronyms and Abbreviations
Appendix H Glossary of Terms
References