Section 9.1 Security Organizations
Even with the strongest security controls in place, incidents will still occur. It is important to be prepared to respond and get things back up and running as soon as possible. This process is known as incident response and continuity.
We have looked at many of these security organizations already, but we talk about them in more depth here. These organizations create the analysis frameworks and vulnerability lists that security specialists use to respond to an incident.
Subsection 9.1.1 MITRE
In the 1940s and 1950s MIT scientists developed large-scale computing laboratories. In 1958 MITRE was formed as a private corporation from the personnel and equipment in these labs. Currently, MITRE is a federally funded research and development center.
As mentioned previously, MITRE maintains the CVE DB. MITRE has also developed the ATT&CK framework for analyzing incidents. We will go through each step of the framework at the end of this chapter.
Subsection 9.1.2 NIST
NIST stands for National Institute of Standards and Technology. It is federally supported through the US Department of Commerce and positions itself as an institute to promote American innovation. NIST develops standards, guidelines, and best practices in technical fields.
NIST also has a security framework they’ve developed known as the NIST framework. It outlines the general responsibilities of a security team:
Subsection 9.1.3 OWASP
The Open Web Application Security Project (OWASP) is an international non-profit organization focused on web application security. They have an active online community with tools, forums, videos, and news posts. Their most popular resource is the OWASP Top 10 (owasp.org/Top10), an annual listing of the most popular web application vulnerabilities.