Monday, April 22, 2019

Network Criticality

Good afternoon everyone!

I was hoping you guys could give me some suggestions here. For some background, I am active duty Air Force, and pretty new to the network and cyber security field. I have been tasked at work with coming up with a way to measure the "criticality" of every device on our network, and being able to display this in a simple yet effective and thorough manner. (The military loves charts and displays, and we have a pretty big network)

I have never done anything like this before and was wondering if you guys have any tips for me on how I should go about doing this. I have found some starting points such as NIST 8179 and FIPS 199. These documents seem to be suggesting that I use the CIA triad along with the question "What kind of traffic is flowing through the device?" to come up with my answer. Below is an example of what my supervisor said he is kind of looking for:

            Confidentiality   Integrity    Availability   Overall Impact
Device 1    Low               Moderately   Highly         Moderate
Device 2    Moderately        Low          Low            Low
Device 3    High              Low          Moderately     Moderate

They would like some sort of system to indicate if a device goes down, how much would this impact the mission/rest of the network. Do any of you guys already do anything like this at your work? If so then how do you show what is critical and how do you standardize the way of showing it?

As I said before, I am very new to the field, and if I am going about this all wrong then please feel free to tell me. Thank you all so much in advance and I look forward to learning from you!


