Section 1: Functionality & Capability

Question Title

* 1. Cyber Asset Inventory: A cybersecurity program needs to understand and control the IT, OT, and information assets that are necessary to sustain operations. Assets might be systems devices, including traditional IT computers, routers, and servers, but might also include OT equipment such as programmable logic controllers (PLCs) and other control system elements. Also, inventories need to be kept up to date throughout the lifecycle of such assets.

Question Title

* 2. Configuration Baseline: To help keep track of changes to IT and OT assets, many organizations establish configuration baselines that define the software, hardware, and settings for these devices. Baselines can be used to identify unauthorized or unapproved changes to an asset, set up new assets consistently, and reset or restore an asset when needed.

Question Title

* 3. Access Control: Controlling physical and electronic access to IT and OT assets and systems is an important step in securing the operating environment. This includes the process of creating user accounts and passwords and determining the requirements for access.

Question Title

* 4. Vulnerability Management: Cybersecurity vulnerabilities are weaknesses or flaws in IT or OT systems (or in the procedures or controls used to protect those systems) that can be leveraged by adversaries. Managing these vulnerabilities is an important security protection. The most common vulnerability management techniques include regular patching cycles and network isolation.

Question Title

* 5. Threat Management: Wholly distinct from vulnerabilities, cybersecurity threats are adversaries with some capability and motive to affect an organization through cyber means. Cybersecurity threats can also be events that would cause harm to the organization.

A common way to describe the relationship is that threats (such as hackers) use vulnerabilities (such as system weaknesses) to attack organizations. Threat management activities include being aware of threats that are focusing on your sector, your region, or specific types of assets that you have. They might also include monitoring of recent events and analysis of how an event could be applicable.

Question Title

* 6. Cyber Risk Management: Cybersecurity risk is the potential harm to operations that could arise from unauthorized disclosure of the organization's information, misuse of its information, IT, or OT systems, and other cyber perils. Dependence on technology has resulted in an increase in cybersecurity risk.

Risk is often viewed as the product of vulnerabilities, threats, and impacts. Vulnerability assessments are informative for analyzing weaknesses, but if there is no threat that can exploit the weakness, or if there is no way to have negative impacts due to that weakness, it may not be a notable risk. Identification of risks is a high-level governance discussion that combines technical knowledge with operational impacts knowledge.

Question Title

* 7. Cyber Event Detection: A cybersecurity event is any occurrence that has a potential impact to the cybersecurity of the organization's IT or OT systems. Such events are often relatively minor (e.g., forgotten passwords), but can be escalating (e.g., an increasing number of users are unable to log in), or major (e.g., a network outage is preventing communications to remote assets). Detecting cybersecurity events requires knowledge of IT and OT assets and systems, as well as defined roles and capabilities to track events.

Events that have the potential to significantly impact the organization are declared to be incidents and require a response to minimize the impact to operations or restore functionality.

Question Title

* 8. Cyber Incident Response: As previously mentioned, cybersecurity events can escalate to cybersecurity incidents.  Recall that incidents have the potential to significantly impact the organization and require a response to minimize the impact to operations or restore functionality.  Incident response capabilities require preplanning and knowledge of both security and engineering/operations.

Question Title

* 9. Operational Resiliency: Part of responding to a cybersecurity incident or other disruptive events is sustaining at least minimal operations while returning to normal operations. Doing so requires knowledge of business impacts and the systems needed to sustain minimal operations.

Question Title

* 10. Monitoring Cyber System Activity: Logging and monitoring of IT and OT systems is a vital capability for detecting cyber events or incidents and for capturing information that can be used to analyze an event or incident. These capabilities, however, may not be possible for certain pieces of equipment based on your IT and OT environment.

Question Title

* 11. Cyber Threat & Event Information Sharing: Information sharing is a two-way flow of information between organizations, either directly or through a trusted third party. During a cyber event, you may use information-sharing practices to inform other organizations so that they can be on alert for similar events. Your organization may benefit from information sharing by being alerted of escalating cybersecurity events or threat conditions in your sector.

Question Title

* 12. Supply Chain Risk: Supply chain risk is an increasing concern for most organizations. Supply chain refers to how assets, systems, software, services, and materials are procured. This includes the purchase of new laptops, industrial control system equipment, consulting or maintenance services, raw materials, and even power. Each organization is also part of the supply chain and should identify its role as a supplier to others, especially in any case where customer data or digital connectivity to a customer can pose risk to the organization or to the customer.

Question Title

* 13. Workforce Management and Cybersecurity Training: Despite all the technical discussions surrounding cybersecurity, employees and contractors represent some of the biggest risks to a security program. How workforce and cybersecurity training are managed will have a large impact on organizational security.

Question Title

* 14. Cybersecurity Program Management: A cybersecurity program is a managed set of activities designed to provide governance for the organization. Such a program typically includes objectives for improving cybersecurity over time and a foundational strategy for managing cybersecurity and would provide leadership and resources for cybersecurity activities.

0 of 28 answered
 

T