Selection of the best security controls for rapid development of enterprise-level cyber security
State-supported cyber attacks, cyber espionage campaigns, and hacktivist movements have forced many states to accelerate their cyber defense development in order to achieve at least a minimum level of protection against the expanding threats of cyberspace. As with any other development effort, cyber capability development requires resources of time, money, and people, which in most cases are very restricted. To rapidly build up the first line of defense, enterprises should select the most efficient cyber controls and measures. This thesis sought out the top 10–20 cyber security controls, where ranking was based upon a return on investment (ROI) assessment. This ROI assessment entailed consideration of both the likely/expected security benefits of each candidate security control (the R numerator), and the likely/expected cost associated with each security control (the I denominator). The primary references for security controls and their specifications are NIST Special Publication 800-53, revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, and publications of SANS, NSA, ISACA, the Center of Protection of National Infrastructure, and other organizations dealing with cyber security. The selected security controls are presented in a standardized form, with sections for description, expected ownership cost, expected security provided, and general implementation recommendations.
Approved for public release; distribution is unlimited