
Workshop - The INL Triple C - Engineering Cyber Resilience from Why to How - A Deep Dive into CCE, CIE, and CFA.pdf

Uploaded by: 可*** ID: 991846 2025-12-07 30 pages 5.89 MB

6/15/2025

The INL Triple C: Engineering Cyber Resilience from Why to How - A Deep Dive into CCE, CIE, and CFA

The past, current, and future

“Security is not the absence of incidents.”
“Security is the presence of defenses.”

Adapted from Marx, D. Just Culture: a Strategic Perspective (presentation, 2018)

Systems + Choices = Outcomes
Adapted from Marx, D. Just Culture: a Strategic Perspective (presentation, 2018)

Systems (Reliable Systems) + Choices (Good Choices) = Outcomes (Good Outcomes)
Adapted from Marx, D. Just Culture: a Strategic Perspective (presentation, 2018)

Engineering: Systems (Reliable Systems) + Culture: Choices (Good Choices) = Consequences: Outcomes (Good Outcomes)
Adapted from Marx, D. Just Culture: a Strategic Perspective (presentation, 2018)

CIE Principles

KEY QUESTION | PRINCIPLE
How do I understand what critical functions my system must ensure and the undesired consequences it must prevent? | Consequence-Focused Design
How do I select and implement controls to minimize avenues for attack or the damage that could result? | Engineered Controls
How do I prevent undesired manipulation of important data? | Secure Information Architecture
How do I determine what features of my system are not absolutely necessary to achieve the critical functions? | Design Simplification
How do I create the best compilation of system defenses? | Layered Defenses
How do I proactively prepare to defend my system from any threat? | Active Defense
How do I understand where my system can impact others or be impacted by others? | Interdependency Evaluation
How do I understand where digital assets are used, what functions they are capable of, and what our assumptions are about how they work? | Digital Asset Awareness
How do I ensure my providers deliver the security the system needs? | Cyber-Secure Supply Chain Controls
How do I turn “wha

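This document introduces INL's three core principles, CCE (Consequence-driven Cyber-informed Engineering), CIE (Cyber-Informed Engineering principles) and CFA, with the aim of engineering cyber resilience from "why" to "how". The key points are as follows:
1. Security is not only the avoidance of incidents; it is the presence of defensive capability.
2. The CIE principles focus on understanding a system's critical functions and preventing undesired consequences, and are realized through means such as design simplification and layered defenses.
3. INL's technical philosophy rests on the premise that existing security measures are insufficient to protect control systems and their infrastructure, and holds that determined, well-resourced adversaries will succeed in penetrating and exploiting critical infrastructure networks.
4. The goal of CCE is to protect critical functions from existing and emerging threats, and to proactively prepare for the next generation of cyber-enabled sabotage.
5. Implementing CIE involves organizational culture, supply chain security, information control and other areas, and requires skills including cybersecurity, engineering and operations.
The document emphasizes the following principles: understanding the system's critical functions, selecting and implementing controls, preventing malicious manipulation of data, simplifying design, building system defenses, active defense, evaluating interdependencies, raising digital asset awareness, and ensuring supply chain security.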