As threats facing cybersecurity professionals evolve, so too does the mix of tools ISACA’s Cybersecurity Nexus (CSX) offers those professionals. Most recently CSX debuted its Threats & Controls tool, which provides robust content on the top ten cyber threats:
- Social Engineering
- Insider Threats
- Advance Persistent Threats (APT)
- Distributed denial-of-service attack (DDoS)
- Mobile malware
- Unpatched systems
- Watering hole
CSX is a central resource where security professionals and their enterprises can find cybersecurity research, guidance, training and education.
According to the January 2016 Cybersecurity Snapshot survey of IT professionals from 121 countries, the top cyber threat concerns for 2016 were social engineering, insider threats, APTs. The Threats & Controls tool provides a user-friendly way for professionals to find more context and information on cyber threats and 72 potential controls.
For each threat there is accompanying information on the appropriate controls, which fall within the wider categories of architecture, data management, hardware, network, software and user management. A few examples of specific controls found in the tool include user credential life cycle management, data retention/disposal, configuration management and hardening, and secure code development. Users can choose a threat category and drill down to find a vast array of associated controls, examples, charts, background and other helpful reference information.
From the beginning the goal was to provide an intuitive, user-friendly informative tool for anyone seeking additional context and definitions around cyber threats and controls. It is not a “how-to tool,” however, and it is not intended to be a controls framework. Instead, it provides users with an easy way to navigate between threats and their corresponding controls. The content can be easily shared, which makes it a great resource for educating management and others in an organization about cyber threats and the controls needed to mitigate those threats.
While the information found in the tool is generally available, its primary benefit is the consolidation of all the information in one handy location with an easy-to-navigate interface. Like all ISACA products, members and other constituents are encouraged to offer their suggestions for enhancing the Threats & Controls tool.
The tool’s development began at a cyber controls workshop at ISACA’s 2014 EuroCACS/ISRM Conference in Barcelona, Spain. An innovative volunteer group of cybersecurity professionals produced the two key deliverables that were continually referenced during the development process and that ultimately became the basis for the new tool.
The Threats & Controls tool was the second tool CSX released in January, along with the new CSX Career Roadmap, which enables job seekers and others to personalize the tool with their name, title, experience, certifications and skills to identify job roles that closely match their qualifications. It also highlights areas for future growth and development.