▪ The National Cybersecurity Center of Excellence (NCCoE), part of the National Institute of Standards and Technology (NIST), developed an example solution that financial services companies can use for a more secure and efficient way of monitoring and managing their many information technology (IT) hardware and software assets. ▪ The security characteristics in our IT asset management platform are derived from the best practices of standards organizations, including the Payment Card Industry Data Security Standard (PCI DSS). ▪ The NCCoE's approach uses open source and commercially available products that can be included alongside current products in your existing infrastructure. It provides a centralized, comprehensive view of networked hardware and software across an enterprise, reducing vulnerabilities and response time to security alerts, and increasing resilience. ▪ The example solution is packaged as a "How To" guide that demonstrates implementation of standards-based cybersecurity technologies in the real world. The guide helps organizations gain efficiencies in asset management, while saving them research and proof of concept costs. CHALLENGE Large financial services organizations employ tens or hundreds of thousands of individuals. At this scale, the technology base required to ensure smooth business operations (including computers, mobile devices, operating systems, applications, data, and network resources) is massive. To effectively manage, use, and secure each of those assets, you need to know their locations and functions. While physical assets can be labeled with bar codes and tracked in a database, this approach does not answer questions such as "What operating systems are our laptops running?" and "Which devices are vulnerable to the latest threat?" Computer security professionals in the financial services sector told us they are challenged by the vast diversity of hardware and software they attempt to track, and by a lack of centralized control: A large financial services organization can include subsidiaries, branches, third-party partners, contractors, as well as temporary workers and guests. This complexity makes it difficult to assess vulnerabilities or to respond quickly to threats, and to accurately assess risk in the first place (by pinpointing the most business essential assets). SOLUTION The NIST Cybersecurity IT Asset Management Practice Guide is a proof-of-concept solution demonstrating commercially available technologies that can be implemented to track the location and configuration of networked devices and software across an enterprise. Our example solution spans traditional physical asset tracking, IT asset information, physical security, and vulnerability and compliance information. Users can now query one system and gain insight into their entire IT asset portfolio.
Executive SummaryBoth public and private-sector business operations are heavily reliant on electronic mail (email) exchanges, but the integrity of these transactions is often at risk, including financial and other proprietary information, as well as the privacy of employees and clients.Tools exist that are capable of providing the needed email security and privacy protection, but a number of factors have impeded the adoption of these existing security and privacy capabilities. These include: The absence of comprehensive configuration instructions for composed sets of trusted electronic mail components, The absence of easily accessible information that points systems administrators to easily implemented software libraries and software applications, and A perception that email security measures negatively impact the performance of email systems.However, operating an email system without employing the available security and privacy tools invites attackers to breach sensitive enterprise information by introducing false addresses into mail messages, disrupting secure communication signaling, and improving the probability of successfully inducing enterprise users to open malicious attachments -still the most common method for introducing malware and breaching enterprise systems.The National Cybersecurity Center of Excellence (NCCoE) developed a set of example email security solutions that can help organizations to more easily implement security and privacy tools and protocols, thus reducing the likelihood of a data breach. The example security platforms described in this guide are consistent with the guidance and best practices contained in government and industry security standards. How these platforms address specific security requirements and best practices is addressed in Volume B of this guide.The NCCoE's approach permits the use of both open source and commercially available products that can be included alongside the current mail products in existing infrastructure. The example solution set is described in Volume C, a "How To" guide that shows how to implement a set of standards-based, commercially available cybersecurity technologies in the real world. CHALLENGEWhether the security service desired is an authentication of the source of an email message or an assurance that the message has not been altered by or disclosed to an unauthorized party, organizations must employ some cryptographic protection mechanism. Economies of scale and a need for uniform security implementation drive most enterprises to rely on mail servers and/or Internet service providers (ISPs) to provide security to all members of an enterprise. Many of these server-based email security mechanisms are vulnerable to, and have been defeated by, attacks on the integrity of the cryptographic implementations on which they depend. The consequences of these vulnerabilities frequently involve unauthorized parties being able to read or modify supposedly secure information, or to use email as a means to insert malware into the system in order to ...
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.