5.02-Cyber Security Improvements
Task: Provide cyber security improvement recommendations to Mission Partner (MP)
Conditions
Given an IR Team deployed supporting a designated MP in Cyber Incident Recovery.
Standards
Upon moving into the Recovery Phase, the DCO-E should review their documentation and findings (from previous port, network, service, and vulnerability scans) to provide improvement recommendations to the MP. These recommendations may include the following areas:
- Unauthorized Devices
- Unauthorized Software
- Hardware and Software Configurations
- Vulnerability Assessments and Remediation
- Administrative Privileges
- Maintenance, Monitoring, and Analysis of Logs
- Email and Web Browser
- Malware Defense
- Management of Network Ports
- Data Recovery
- Network Device Configurations
- Boundary Defense
- Data Protection
- Need to Know Access
- Wireless Access
- User Account Management
- User Cyber Security Training
- Application Software Security
- Incident Response Management
- Cyber Security Exercises
The IR Team should provide recommendations in a format agreed upon with the supported MP.
End State
The IR Team provides written recommendations to the supported MP on improving their cyber security posture (at a minimum, focusing on the network defense plan).
Notes
Providing cyber security improvement recommendations begins with solid documentation of vulnerabilities identified upon arriving on site.
Manual Steps
Running Scripts
Dependencies