ImageVerifierCode 换一换
格式:PDF , 页数:68 ,大小:2.50MB ,
资源ID:736404      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-736404.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ETSI TR 103 305-2015 CYBER Critical Security Controls for Effective Cyber Defence (V1 1 1)《网络 有效网络防御的关键安全控制 (V1 1 1)》.pdf)为本站会员(medalangle361)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ETSI TR 103 305-2015 CYBER Critical Security Controls for Effective Cyber Defence (V1 1 1)《网络 有效网络防御的关键安全控制 (V1 1 1)》.pdf

1、 ETSI TR 103 305 V1.1.1 (2015-05) CYBER; Critical Security Controls for Effective Cyber Defence TECHNICAL REPORT ETSI ETSI TR 103 305 V1.1.1 (2015-05) 2 Reference DTR/CYBER-003 Keywords Cyber Security, Cyber-defence, information assurance ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex -

2、FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be

3、 made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print

4、, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of thi

5、s and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or uti

6、lized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to

7、reproduction in all media. European Telecommunications Standards Institute 2015. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and o

8、f the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TR 103 305 V1.1.1 (2015-05) 3 Contents Intellectual Property Rights 4g3Foreword . 4g3Modal verbs terminology 4g3Executive summary 4g3Introduction 5g31 Scope 6g32 References

9、 6g32.1 Normative references . 6g32.2 Informative references 6g33 Definitions and abbreviations . 7g33.1 Definitions 7g33.2 Abbreviations . 7g34 Critical Security Controls . 8g34.0 Structure of the Critical Security Controls Document 8g34.1 CSC 1: Inventory of Authorized and Unauthorized Devices 9g3

10、4.2 CSC 2: Inventory of Authorized and Unauthorized Software 12g34.3 CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers . 15g34.4 CSC 4: Continuous Vulnerability Assessment and Remediation . 20g34.5 CSC 5: Malware Defences . 23g34.6 CSC 6: Ap

11、plication Software Security . 26g34.7 CSC 7: Wireless Access Control 29g34.8 CSC 8: Data Recovery Capability 32g34.9 CSC 9: Security Skills Assessment and Appropriate Training to Fill Gaps . 34g34.10 CSC 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches 36g34.11

12、CSC 11: Limitation and Control of Network Ports, Protocols, and Services . 39g34.12 CSC 12: Controlled Use of Administrative Privileges . 41g34.13 CSC 13: Boundary Defence . 45g34.14 CSC 14: Maintenance, Monitoring, and Analysis of Audit Logs . 49g34.15 CSC 15: Controlled Access Based on the Need to

13、 Know 52g34.16 CSC 16: Account Monitoring and Control . 54g34.17 CSC 17: Data Protection 57g34.18 CSC 18: Incident Response and Management . 60g34.19 CSC 19: Secure Network Engineering . 62g34.20 CSC 20: Penetration Tests and Red Team Exercises . 64g3Annex A: Attack Types 67g3History 68g3ETSI ETSI T

14、R 103 305 V1.1.1 (2015-05) 4 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 00

15、0 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/ipr.etsi.org). Pursuant to the ETSI IPR Policy, no investiga

16、tion, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Report (TR

17、) has been produced by ETSI Technical Committee Cyber Security (CYBER). Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules

18、(Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. Executive summary The present document captures and describes the top twenty Enterprise industry level cybersecurity best practices that provide enhanced c

19、yber security, developed and maintained by the Council on CyberSecurity as an independent, expert, global non-profit organization. The Council provides ongoing development, support, adoption, and use of the Critical Controls i.5. See (www.counciloncybersecurity.org). The Critical Security Controls r

20、eflect the combined knowledge of actual attacks and effective defences of experts from every part of the cyber security ecosystem. This ensures that the Controls are an effective and specific set of technical measures available to detect, prevent, respond, and mitigate damage from the most common to

21、 the most advanced of those attacks. The Controls are not limited to blocking the initial compromise of systems, but also address detecting already-compromised machines and preventing or disrupting attackers follow-on actions. The defences identified through these Controls deal with reducing the ini

22、tial attack surface by hardening device configurations, identifying compromised machines to address long-term threats inside an organizations network, disrupting attackers command-and-control of 5 implanted malicious code, and establishing an adaptive, continuous defence and response capability that

23、 can be maintained and improved. The five critical tenets of an effective cyber defence system as reflected in the Critical Security Controls are: Offense informs defence: Use knowledge of actual attacks that have compromised systems to provide the foundation to continually learn from these events t

24、o build effective, practical defences. Include only those controls that can be shown to stop known real-world attacks. Prioritization: Invest first in Controls that will provide the greatest risk reduction and protection against the most dangerous threat actors, and that can be feasibly implemented

25、in your computing environment. Metrics: Establish common metrics to provide a shared language for executives, IT specialists, auditors, and security officials to measure the effectiveness of security measures within an organization so that required adjustments can be identified and implemented quick

26、ly. Continuous diagnostics and mitigation: Carry out continuous measurement to test and validate the effectiveness of current security measures, and to help drive the priority of next steps. Automation: Automate defences so that organizations can achieve reliable, scalable, and continuous measuremen

27、ts of their adherence to the Controls and related metrics. ETSI ETSI TR 103 305 V1.1.1 (2015-05) 5 Introduction The evolution of cyber defence is increasingly challenging. Massive data losses, theft of intellectual property, credit card breaches, identity theft, threats to privacy, denial of service

28、 - these have become endemic. Access exists to an extraordinary array of security tools and technology, security standards, training and classes, certifications, vulnerability databases, guidance, best practices, catalogues of security controls, and countless security checklists, benchmarks, and rec

29、ommendations. But all of this technology, information, and oversight have become a veritable “Fog of More“: competing options, priorities, opinions, and claims. The threats have evolved, the actors have become smarter, and users have become more mobile. Data is now distributed across multiple locati

30、ons, many of which are not within our organizations infrastructure anymore. With more reliance on cloud computing data centres, the data and even applications are becoming more distributed. In a complex, interconnected world, no enterprise can think of its security as a standalone problem, and colle

31、ctive action is nearly impossible. Focus is needed to establish priority of action, collective support, and keeping knowledge and technology current in the face of rapidly evolving problems and an apparently infinite number of possible solutions. The most critical areas need to be addressed and the

32、first steps taken toward maturing risk management programs. This includes a roadmap of fundamentals, and guidance to measure and improve the implementation defensive steps that have the greatest value. These issues led to, and drive, the Critical Security Controls. The value is determined by knowled

33、ge and data - the ability to prevent, alert, and respond to the attacks that are plaguing enterprises today. The Critical Security Controls and Other Risk Management Approaches The Critical Security Controls are not a replacement for comprehensive mandatory compliance or regulatory schemes. The Cont

34、rols instead prioritize and focus on a smaller number of actionable controls with high-payoff. Although lacking the formality of traditional Risk Management Frameworks, the Critical Security Controls process constitutes a “foundational risk assessment“ - one that can be used by an individual enterpr

35、ise as a starting point for immediate, high-value action, is demonstrably consistent with formal risk management frameworks, and provides a basis for common action across diverse communities (e.g. that might be subject to different regulatory or compliance requirements). The Critical Security Contro

36、ls also proactively align with and leverage ongoing work in security standards and best practices. Examples include: the Security Content Automation Program (SCAP) and Special Publication 800-53 i.1 (Recommended Security Controls for Federal Information Systems and Organizations) sponsored by the Na

37、tional Institute of Standards and Technology (NIST); the Australian Signals Directorates “Top 35 Strategies to Mitigate Targeted Cyber Intrusions“; and the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27002:2013 i.4 Information technology - Sec

38、urity techniques - Code of practice for information security controls. References and mappings to these can be found at www.counciloncybersecurity.org. Initiating Implementation Some of the Critical Security Controls, in particular CSC 1 through CSC 5, are foundational, and should be considered as t

39、he actions to be taken. This is the approach taken by, for example, the DHS Continuous Diagnostic and Mitigation (CDM) Program. For a highly focused and direct starting point, five especially useful actions have the most immediate impact on preventing attacks. These actions are specially noted in th

40、e Controls listings, and consist of: 1) application whitelisting (found in CSC 2); 2) use of standard, secure system configurations (found in CSC 3); 3) patch application software within 48 hours (found in CSC 4); 4) patch system software within 48 hours (found in CSC 4); and 5) reduced number of us

41、ers with administrative privileges (found in CSC 3 and CSC 12). ETSI ETSI TR 103 305 V1.1.1 (2015-05) 6 1 Scope The present document describes a specific set of technical measures available to detect, prevent, respond, and mitigate damage from the most common to the most advanced of cyber attacks. T

42、he measures reflect the combined knowledge of actual attacks and effective defences. The present document is technically equivalent and compatible with the 5.1 version of the “The Critical Security Controls for Effective Cyber Defence,“ 10 July 2014, which can be found at the website http:/www.counc

43、iloncybersecurity.org/critical-controls/. 2 References 2.1 Normative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest

44、 version of the reference document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publicatio

45、n, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the application of the present document. Not applicable. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or no

46、n-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the reference document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their lon

47、g term validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. i.1 NIST Special Publication 800-53: “Security and Privacy Controls for Federal Information Systems and Organizations“.

48、 i.2 NIST Special Publication 800-57: “Recommendation for Key Management - Part 1: General“. i.3 NIST Special Publication 800-132: “Recommendation for Password-Based Key Derivation - Part 1: Storage Applications“. i.4 ISO/IEC 27002:2013: “Information technology - Security techniques - Code of practi

49、ce for information security controls“. i.5 Council on Cybersecurity: “The Critical Security Controls for Effective Cyber Defence“. ETSI ETSI TR 103 305 V1.1.1 (2015-05) 7 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the following terms and definitions apply: Critical Security Control (CSC): specified capabilities that reflect the combined knowledge of actual attacks and effective defences of experts that are maintained by the Council on Cybersecurity and found at the website http:/www.counciloncyb

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1