Last active
March 13, 2019 04:57
-
-
Save ag0x00/8bf59e2b32ac7975d2ce44851e14031d to your computer and use it in GitHub Desktop.
Cybersecurity OGSM Examples
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Objective | Goal | Strategy | Measures | |
|---|---|---|---|---|
| Reduce cybersecurity risk to critical business functions | Survive’ a red team exercise against ICS by the end of 2019 (pass/fail) | Maintain patch levels | Mean time to patch is under 7 days | |
| Implement MFA | 95% of enterprise user accounts are enforcing MFA | |||
| The overall number of generic (multi-user) accounts is under 1% | ||||
| Reduce the impact of cybersecurity incidents (measurable) | Improve internal network segmentation | |||
| Eliminate global admin accounts | ||||
| Roll out dedicated systems management network | ||||
| Be able to recover from cybersecurity attack quickly | Completely recover network infrastructure (within 24 hours) | Migrate core components to software-defined networking (SDN) | ||
| Regain control over a compromised physical workstation (within 30 minutes) | Maintain up-to-date physical hardware inventory | |||
| Maintain local IR responsibility in all physical locations | ||||
| Survive’ a sustained external DDoS attack | Establish services from multiple telcos for critical environments | 50% of the externally facing networks can sustain 10Gbps flood for 60 minutes |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment