Data Exfiltration
Inadequate Database Security
Failure to resume business operations
Insider Threats
Password sharing
Network Attacks
Poor Identity and Access Management
Abuse of privileged accounts
Unauthorized changes to critical systems
Inappropriate access to systems
Use of generic accounts
Illegal use of remote access tools
User Provisioning & Access Management
Use of stolen user accounts
Malicious software
Lack of monitoring and incident response processes
Port Scanning

CONTROLS

DATA SECURITY MANAGEMENT
Definition: Organisations should establish and maintain processes and technologies to identify and protect the confidentiality, integrity and availability of critical structured and unstructured data as it is stored and/or transmitted across an organization's infrastructure.
Global Frameworks Reference: NIST 5.1.2, PCI DSS 1,4,5, ISO 27002 10.1.1 and SANS CSC 17-1, 3

BACKUP AND RECOVERY MANAGEMENT
Definition: Organisations should establish and maintain processes and technologies that will ensure critical operations are sustained or restored in the event of an interruption, such as a severe incident or a disaster.
Global Frameworks Reference: NIST 3.4.1, PCI DSS 12.9.1, ISO 27002 12.3.1 and SANS CSC 8-1,4

IDENTITY AND ACCESS MANAGEMENT
Definition: Organisations should establish processes and technologies to create and manage identities for entities that may be granted logical or physical access to the organization’s assets. Access control should be commensurate with the risk to internal infrastructure and organizational objectives.
Global Frameworks Reference: NIST AC-1, PCI DSS 7, ISO 27002 9.1.1 and SANS 15.4

CONTINUOUS MONITORING & INCIDENT RESPONSE
Definition: Organisations should establish and maintain processes and technologies to detect, analyze, and respond to cybersecurity events and to sustain operations throughout a cybersecurity event, commensurate with the risk to infrastructure and organizational objectives.
Global Frameworks Reference: ISO 22301 8.4.1, NIST IR 1-10, SANS 18-1,6, ISO 27002 16, PCI DSS 12.9.2