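"Workshop - INL Triple C - Engineering Cyber Resilience from Why to How - A Deep Dive into CCE, CIE, and CFA.pdf" was shared by a member and can be read online. For more related material, search for "Workshop - INL Triple C - Engineering Cyber Resilience from Why to How - A Deep Dive into CCE, CIE, and CFA.pdf (30 pages, collector's edition)" on 三个皮匠报告.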
6/15/2025

The INL Triple C: Engineering Cyber Resilience from Why to How - A Deep Dive into CCE, CIE, and CFA

The past, current, and future

“Security is not the absence of incidents.”
“Security is the presence of defenses.”

Adapted from Marx, D. Just Culture: a Strategic Perspective (presentation, 2018):

Outcomes: Systems + Choices = Outcomes
Reliable Systems + Good Choices = Good Outcomes
Engineering (Systems: Reliable Systems) + Culture (Choices: Good Choices) = Consequences (Outcomes: Good Outcomes)

CIE Principles

KEY QUESTION | PRINCIPLE
How do I understand what critical functions my system must ensure and the undesired consequences it must prevent? | Consequence-Focused Design
How do I select and implement controls to minimize avenues for attack or the damage that could result? | Engineered Controls
How do I prevent undesired manipulation of important data? | Secure Information Architecture
How do I determine what features of my system are not absolutely necessary to achieve the critical functions? | Design Simplification
How do I create the best compilation of system defenses? | Layered Defenses
How do I proactively prepare to defend my system from any threat? | Active Defense
How do I understand where my system can impact others or be impacted by others? | Interdependency Evaluation
How do I understand where digital assets are used, what functions they are capable of, and what our assumptions are about how they work? | Digital Asset Awareness
How do I ensure my providers deliver the security the system needs? | Cyber-Secure Supply Chain Controls
How do I turn “wha