search menu icon-carat-right cmu-wordmark

Subject: Controls

Cybersecurity Architecture, Part 2: System Boundary and Boundary Protection

Cybersecurity Architecture, Part 2: System Boundary and Boundary Protection

• Insider Threat Blog
Jason Fricke

This post was also authored by Andrew Hoover. In Cybersecurity Architecture, Part 1: Cyber Resilience and Critical Service, we talked about the importance of identifying and prioritizing critical or high-value services and the assets and data that support them. In this post, we'll introduce our approach for reviewing the security of the architecture of information systems that deliver or support these services. We'll also describe our review's first areas of focus: System Boundary and Boundary...

Read More
Cybersecurity Architecture, Part 1: Cyber Resilience and Critical Service

Cybersecurity Architecture, Part 1: Cyber Resilience and Critical Service

• Insider Threat Blog
Andrew Hoover

In our cyber resilience assessments at the CERT Division of the SEI, we often find that organizations struggle with several fundamentals of cybersecurity management. Specifically, organizations have trouble identifying what critical assets need to be protected and then implementing specific cyber architecture controls, such as network segmentation and boundary protection, to protect them. This post will be the first in a series focusing on common weaknesses in organizational cybersecurity architecture. This initial post focuses on...

Read More
Building Resilient Systems with Cybersecurity Controls Management

Building Resilient Systems with Cybersecurity Controls Management

• Insider Threat Blog
Matthew Trevors

The CERT Division of the SEI has evaluated the cyber resilience of hundreds of organizations. We've seen that many organizations may not have formally established a controls management program. In this blog post, we will describe the basic controls management life cycle and provide a method for establishing effective controls for a new "green field" system or identifying gaps in an existing "brown field" system....

Read More
Insider Threat Controls

Insider Threat Controls

• Insider Threat Blog
CERT Insider Threat Center

The mission of the CERT Insider Threat Lab, sponsored by the Department of Homeland Security Federal Network Security Branch, is to create new technical controls and standards based on our research, as well as to determine lessons learned from our hands-on work doing assessments, workshops, and working with technical security practitioners....

Read More