网络安全
安全成熟度评估(Security Maturity Assessment)框架
常用框架:
- NIST Cyber Security Framework (CSF)
包含内容:
- 识别 / Identify
- Security Service Management
- Information Asset Management
- Security Governance
- Threat Vulnerability Analysis
- Risk & Compliance
- Supplier Risk Management
- Security Knowledge Management
- 保护 / Protect
- Information Security Services
- Identity and Access Management
- Infrastructure & Endpoint Protection
- Network Security
- Email Security
- Secure Application DevelAoppmliceatniotn
- Facility Security
- Configuration Management
- Human Resources Security
- Maintenance
- 检测 / Detect
- Monitoring
- Security Information Generation
- Infrastructure Logs
- Security Events Logs
- Network Packet Collection
- Vulnerability Scanning
- Malware Scanning
- Assert Discovery
- Brand Protection/ Phishing Monitoring
- Honey Pot collection
- Electronic Message Journaling
- Forensic Data Collection
- E-Discovery
- Correlation & Analysis
- Threat Correlation
- Anomaly detection
- Fraud Analytics
- Machine Learning
- Security Information Generation
- Security Analytics
- Security Operations Centre / Real time alerting
- Periodic Reporting
- Vulnerability Reporting
- Patch Status Reporting
- Availability Reporting
- Incident Reporting
- Monitoring
- 响应 / Respond
- Response Planning
- Incident Analysis
- Incident Response
- 修复 / Recover
- Recovery Planning
- Public Relations
- Legal
- Post Incident Review