DID YOU KNOW? DTIC has over 3.5 million final reports on DoD funded research, development, test, and evaluation activities available to our registered users. Click
HERE to register or log in.
Accession Number:
AD1046126
Title:
Selection of the Best Security Controls for Rapid Development of Enterprise-Level Cyber Security
Corporate Author:
Naval Postgraduate School Monterey United States
Report Date:
2017-03-01
Abstract:
State-supported cyber attacks, cyber espionage campaigns, and hacktivist movements have forced many states to accelerate their cyber defense development in order to achieve at least a minimum level of protection against expanding threats of cyber space. As with any other development effort, cyber capability development requires resources of time, money, and people, which in most cases are very restricted. To rapidly build up the first line of defense, enterprises should select the most efficient cyber controls and measures. This thesis sought out the top 1020 cyber security controls, where ranking was based upon a return on investment ROI assessment. This ROI assessment entailed consideration of both the likelyexpected security benefits of each candidate security control the R numerator, and the likelyexpected cost associated with each security control the I denominator. The primary references for security controls and their specifications are NIST Special Publication 800-53, revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, and publications of SANS, NSA, ISACA, the Center of Protection of National Infrastructure, and other organizations dealing with cyber security. The selected security controls are presented in a standardized form, with sections for description, expected ownership cost, expected security provided, and general implementationrecommendations.
Descriptive Note:
Technical Report
Pages:
0111
Distribution Statement:
Approved For Public Release;
File Size:
0.75MB
