Research Catalog

A framework for programming and budgeting for cybersecurity / John S. Davis II [and 5 others].

Title
  1. A framework for programming and budgeting for cybersecurity / John S. Davis II [and 5 others].
Published by
  1. Santa Monica, Calif. : RAND Corporation, [2016]
Author
  1. Davis, John S. (John Sanders), II,

Items in the library and off-site

Format
  1. Book/Text
Access
  1. Use in library
Call number
  1. TK5105.59 .D393 2016
Item location
  1. Off-site

Details

Additional authors
  1. Johnson, Stuart E., 1944-
  2. Karode, Andrew,
  3. Kumar, Jason,
  4. Libicki, Martin C.,
  5. National Defense Research Institute (U.S.), issuing body
  6. Rand Corporation, publisher
Description
  1. xv, 58 pages; 28 cm
Summary
  1. "When defending an organization against cyberattacks, cybersecurity professionals are faced with the dilemma of selecting from a large set of cybersecurity defensive measures while operating with a limited set of resources with which to employ the measures. Engaging in this selection process is not easy and can be overwhelming. Furthermore, the challenge is exacerbated by the fact that many cybersecurity strategies are presented as itemized lists, with few hints at how to position a given action within the space of alternative actions. This report aims to address these difficulties by explaining the menu of actions for defending an organization against cyberattack and recommending an approach for organizing the range of actions and evaluating cybersecurity defensive activities"--Publisher's web site.
Subject
  1. Computer networks -- Finance
  2. Computer networks -- Planning
Contents
  1. Preface -- Figures -- Summary -- Acknowledgments -- Abbreviations -- Chapter One: Motivation -- Chapter Two: Core Concepts: Goal: Reduce the Expected Cost of Cyberattacks -- Ring 1: Four Basic Strategies -- The Basis of Our Approach -- The Benefits of Our Approach -- Chapter Three: Ring 2: Ring 2: Minimize Exposure -- Ring 2: Neutralize Attacks -- Ring 2: Increase Resilience -- Ring 2: Accelerate Recovery -- Chapter Four: Ring 3: Ring 3: Resilience--Take Resilience Steps -- Ring 3: Resilience--Conform to Resilience Guid -- Ring 3: Resilience--Improve Cross-System Engineering -- Ring 3: Recovery--Generate Rapid Response Plans -- Ring 3: Recovery--Increase Response Competence -- Ring 3: Recovery--Build the Ability to Restore Systems -- Ring 3: Exposure--Reduce the Number of Networked Machines -- Ring 3: Neutralize Attack--Reduce the Number of Cyberattack Attempts -- Ring 3: Neutralize Attack--Counter the Insider Threat -- Ring 3: Neutralize Attack--Develop Mitigations for Specific Known Threats -- Ring 3: Neutralize Attack--Block Cyberattacks -- Ring 3: Neutralize Attack--Ensure the Quality of a System's Hardware and Software -- Ring 3: Neutralize Attack--Systematically Reduce Risks Inherent in the Network -- Ring 3: Neutralize Attack--Improve the Security-Related Competence of System Administrators -- Ring 3: Neutralize Attack--Test Systems Against Simulated Attacks -- Ring 3: Neutralize Attack--Defend Against DDOS Attacks -- Ring 3: Neutralize Attack--Reduce the Amount of Material Exfiltrated by Attacks -- Chapter Five: Using This Work: Auditing Mechanism -- Prescriptive Mechanism -- Improving the Cyberdefensive Actions -- Applying the Model to Broader IT Compliance Efforts -- Chapter Six: Conclusion -- References.
Owning institution
  1. Harvard Library
Note
  1. "TL-186-DHS"--Cover page 4.
  2. "National Defense Research Institute."
Bibliography (note)
  1. Includes bibliographical references (pages 55-58).
Processing action (note)
  1. committed to retain