Ho Finyella Tumellano ea NIST Marung: Maano le Mehopolo
Ho tsamaea ka mokhoa o hlakileng oa ho latela maemo sebakeng sa dijithale ke phephetso ea 'nete eo mekhatlo ea sejoale-joale e tobanang le eona, haholoholo mabapi le Setsi sa Naha sa Maemo le Theknoloji (NIST) Cybersecurity Framework.
Tataiso ena ea selelekela e tla u thusa ho fumana kutloisiso e betere ea NIST Ho se sireletsehe Moralo le mokhoa oa ho fihlela tumellano ea NIST lerung. Ha re tloleng.
NIST Cybersecurity Framework ke Eng?
The NIST Cybersecurity Framework e fana ka moralo bakeng sa mekhatlo ho nts'etsapele le ho ntlafatsa mananeo a bona a taolo ea kotsi ea cybersecurity. E reretsoe ho feto-fetoha le maemo, e nang le mefuta e mengata ea likopo le mekhoa ea ho ikarabella bakeng sa litlhoko tse ikhethang tsa cybersecurity tsa mokhatlo.
Moralo ona o entsoe ka likarolo tse tharo - Core, Tiers ea Phethahatso, le Profiles. Mona ke kakaretso ea e 'ngoe le e' ngoe:
Framework Core
Framework Core e kenyelletsa Mesebetsi e mehlano ea mantlha ho fana ka sebopeho se sebetsang sa ho laola likotsi tsa cybersecurity:
- khetholla: E kenyelletsa ho ntshetsapele le ho kenya tshebetsong a leano la cybersecurity e hlalosang kotsi ea cybersecurity ea mokhatlo, maano a ho thibela le ho laola litlhaselo tsa marang-rang, le mesebetsi le boikarabello ba batho ba nang le phihlello ea data ea bohlokoa ea mokhatlo.
- Sireletsa: E kenyelletsa ho theha le ho kenya ts'ebetsong leano le felletseng la ts'ireletso ho fokotsa kotsi ea litlhaselo tsa cybersecurity. Hangata sena se kenyelletsa koetliso ea cybersecurity, taolo e tiileng ea phihlello, encryption, tlhahlobo ea phunyeletso, le ho ntlafatsa software.
- Lemoha: E kenyelletsa ho nts'etsapele le ho kenya ts'ebetsong mesebetsi e nepahetseng khafetsa ho lemoha tlhaselo ea cybersecurity kapele kamoo ho ka khonehang.
- Araba: E kenyelletsa ho theha moralo o felletseng o hlalosang mehato e lokelang ho nkuoa ha ho ka ba le tlhaselo ea cybersecurity.
- Hlaphoheloa: E kenyelletsa ho nts'etsapele le ho kenya ts'ebetsong mesebetsi e nepahetseng ea ho khutlisa se anngoeng ke ketsahalo eo, ho ntlafatsa mekhoa ea ts'ireletso, le ho tsoela pele ho sireletsa khahlanong le litlhaselo tsa cybersecurity.
Ka har'a Mesebetsi eo ho na le Lihlopha tse hlalosang mesebetsi ea cybersecurity, Likaroloana tse arolang mesebetsi hore e be liphetho tse nepahetseng, le Litšupiso tsa Informative tse fanang ka mehlala e sebetsang bakeng sa Sehlopha se seng le se seng.
Mekhahlelo ea Phethahatso ea Moralo
Mekhahlelo ea Ts'ebetsong ea Moralo e bontša kamoo mokhatlo o talimang le ho laola likotsi tsa cybersecurity. Ho na le mekhahlelo e mene:
- Mothati oa 1: Karolelano: Tlhokomeliso e nyane le ho kenya ts'ebetsong taolo ea kotsi ea cybersecurity maemong a mang.
- Mothati oa 2: Tsebisoa ka Kotsi: Tlhokomeliso ea kotsi ea Cybersecurity le litloaelo tsa taolo li teng empa ha lia tloaeleha.
- Mothati oa 3: E ka phetoa: Melao e hlophisitsoeng ea taolo ea likotsi tsa k'hamphani ka kakaretso 'me e e nchafatsa khafetsa ho latela liphetoho tse hlokahalang khoebong le maemo a kotsi.
- Mothati oa 4: Ho ikamahanya le maemo: E lemoha le ho bolela esale pele litšokelo le ho ntlafatsa mekhoa ea cybersecurity ho ipapisitse le mesebetsi ea nakong e fetileng le ea hajoale ea mokhatlo le ho hlahisa litšokelo tsa cybersecurity, mahlale le mekhoa.
Profaele ea Moralo
Profaele ea Moralo e hlakisa khokahano ea Moralo oa Motheo oa mokhatlo le sepheo sa eona sa khoebo, mamello ea kotsi ea cybersecurity, le lisebelisoa. Liprofaele li ka sebelisoa ho hlalosa boemo ba hajoale le bo reretsoeng tsamaiso ea cybersecurity.
Profaele ea Hona Joale e bontša kamoo mokhatlo ha joale o sebetsanang le likotsi tsa cybersecurity, ha Tlaleho ea Target e fana ka lintlha tsa sephetho seo mokhatlo o se hlokang ho fihlela lipheo tsa taolo ea kotsi ea cybersecurity.
Tumellano ea NIST ho Cloud vs. On-Premise Systems
Le ha NIST Cybersecurity Framework e ka sebelisoa ho mahlale ohle, leru dikhomphiutha e ikhetha. Ha re hlahlobeng mabaka a 'maloa a hore na hobaneng melao ea NIST marung e fapana le mekhoa e tloaelehileng ea motheo:
Boikarabello ba Tšireletso
Ka litsamaiso tsa setso tsa sebaka sa marang-rang, mosebelisi o ikarabella bakeng sa ts'ireletso eohle. Ka har'a komporo ea leru, boikarabello ba ts'ireletso bo arolelanoa lipakeng tsa mofani oa litšebeletso tsa leru (CSP) le mosebelisi.
Kahoo, leha CSP e ikarabella bakeng sa ts'ireletso ea "ea" leru (mohlala, li-server tsa 'mele, lisebelisoa tsa motheo), mosebelisi o ikarabella bakeng sa ts'ireletso "ka" leru (mohlala, data, lits'ebetso, taolo ea phihlello).
Sena se fetola sebopeho sa Moralo oa NIST, kaha o hloka moralo o nahanelang mahlakore ka bobeli le ho tšepa tsamaiso ea ts'ireletso ea CSP le bokhoni ba eona ba ho boloka tumellano ea NIST.
Sebaka sa Boitsebiso
Litsamaisong tse tloaelehileng tsa meaho, mokhatlo o na le taolo e felletseng ea moo data ea eona e bolokiloeng teng. Ka lehlakoreng le leng, data ea leru e ka bolokoa libakeng tse fapaneng lefatšeng ka bophara, e lebisang litlhokong tse fapaneng tsa ho latela melao le melaoana ea lehae. Mekhatlo e tlameha ho ela sena hloko ha e boloka melao ea NIST ka har'a cloud.
Scalability le Elasticity
Litikoloho tsa maru li etselitsoe hore li be bonolo haholo le tse otlolohileng. Boemo bo matla ba maru bo bolela hore litaolo le melaoana ea ts'ireletso le tsona li hloka ho feto-fetoha le maemo le ho iketsetsa, ho etsa hore melao ea NIST e be mosebetsi o boima le ho feta.
Multitenancy
Lerung, CSP e ka boloka data ho tsoa mekhatlong e mengata (multitenancy) ho seva se le seng. Le hoja sena e le tloaelo e tloaelehileng bakeng sa li-server tsa maru a sechaba, e hlahisa likotsi tse eketsehileng le mathata a ho boloka ts'ireletso le ho latela melao.
Mehlala ea Tšebeletso ea Cloud
Karohano ea boikarabello ba ts'ireletso e fetoha ho itšetlehile ka mofuta oa mofuta oa tšebeletso ea maru o sebelisoang - Infrastructure as Service (IaaS), Platform as Service (PaaS), kapa Software as a Service (SaaS). Sena se ama tsela eo mokhatlo o phethahatsang Moralo.
Maano a ho Finyella Tumellano ea NIST Cloud
Ka lebaka la ho ikhetha ha cloud computing, mekhatlo e hloka ho sebelisa mehato e tobileng ho finyella tumellano ea NIST. Mona ke lethathamo la maano a ho thusa mokhatlo oa hau ho fihlela le ho boloka melaoana ea NIST Cybersecurity Framework:
1. Utloisisa Boikarabelo ba Hao
Phapang lipakeng tsa boikarabello ba CSP le ba hau. Ka tloaelo, li-CSP li sebetsana le ts'ireletso ea lisebelisoa tsa maru ha u ntse u laola lintlha tsa hau, phihlello ea basebelisi le lits'ebetso.
2. Etsa Litlhahlobo tsa Kamehla tsa Tšireletso
Nako le nako lekola ts'ireletso ea hau ea leru ho tseba bokhoni kholofalo. Sebelisa the lithulusi tsa e fanoe ke CSP ea hau 'me u nahane ka tlhahlobo ea batho ba boraro bakeng sa pono e hlokang leeme.
3. Sireletsa Lintlha tsa Hao
Sebelisa liprothokholo tse matla tsa encryption bakeng sa data ha u phomotse le ha u le leetong. Tsamaiso e nepahetseng ea senotlolo ke ea bohlokoa ho qoba phihlello e sa lumelloeng. U lokela hape theha VPN le li-firewall ho eketsa ts'ireletso ea hau ea marang-rang.
4. Phethahatsa Mekhoa e Matla ea Boitsebiso le Tsamaiso ea Phihlelo (IAM).
Sistimi ea IAM, joalo ka netefatso ea lintlha tse ngata (MFA), e u lumella ho fana ka phihlello ho latela tlhoko ea ho tseba le ho thibela basebelisi ba sa lumelloeng ho kenya software le lisebelisoa tsa hau.
5. Kamehla Hlahloba Kotsi ea Hao ea Cybersecurity
ka maatla a Litsamaiso tsa Ts'ireletso ea Litaba le Tsamaiso ea Ketsahalo (SIEM). le Mekhoa ea ho Hlahlobisisa ha Tšitiso (IDS) bakeng sa tlhahlobo e tsoelang pele. Lisebelisoa tsena li u lumella ho arabela hang-hang ho litemoso leha e le life kapa tlōlo ea molao.
6. Theha Leano la Karabelo ea Ketsahalo
Theha moralo o hlakileng oa karabo ea liketsahalo mme u netefatse hore sehlopha sa hau se tloaelane le ts'ebetso. Kamehla hlahloba le ho leka moralo ho netefatsa hore o sebetsa hantle.
7. Etsa Liphuputso le Litlhahlobo tsa Kamehla
Boitšoaro tlhahlobo ea kamehla ea ts'ireletso khahlano le litekanyetso tsa NIST 'me u fetole maano le lits'ebetso tsa hau ka nepo. Sena se tla netefatsa hore mehato ea hau ea ts'ireletso ke ea hajoale ebile e sebetsa.
8. Koetlisa Basebetsi ba Hao
Hlomella sehlopha sa hau ka tsebo le bokhoni bo hlokahalang mabapi le mekhoa e metle ea ts'ireletso ea maru le bohlokoa ba ho latela melao ea NIST.
9. Sebelisana le CSP ea Hao Kamehla
Kamehla buisana le CSP ea hau mabapi le mekhoa ea bona ea ts'ireletso 'me u nahane ka litšebeletso life kapa life tse ling tsa tšireletso tseo ba ka bang le tsona.
10. Tokomane All Cloud Security Records
Boloka lirekoto tse hlokolosi tsa maano, lits'ebetso le lits'ebetso tse amanang le ts'ireletso ea leru. Sena se ka thusa ho bonts'a tumellano ea NIST nakong ea lihlahlobo.
Ho sebelisa HailBytes bakeng sa Tumellano ea NIST ho Cloud
Ha a ntse a ho latela NIST Cybersecurity Framework ke mokhoa o motle oa ho itšireletsa khahlanong le le ho laola likotsi tsa cybersecurity, ho fihlela tumellano ea NIST marung ho ka ba thata. Ka lehlohonolo, ha ua tlameha ho sebetsana le mathata a cloud cybersecurity le ho latela melao ea NIST feela.
Joaloka litsebi tsa lisebelisoa tsa ts'ireletso ea maru, HailBytes e teng ho thusa mokhatlo oa hau ho fihlela le ho boloka melao ea NIST. Re fana ka lisebelisoa, lits'ebeletso le koetliso ho matlafatsa boemo ba hau ba cybersecurity.
Sepheo sa rona ke ho etsa hore software e bulehileng ea ts'ireletso e be bonolo ho e kenya le ho ba thata ho kena. HailBytes e fana ka mefuta e mengata ea lihlahisoa tsa cybersecurity ho AWS ho thusa mokhatlo oa hau ho ntlafatsa ts'ireletso ea leru. Re boetse re fana ka lisebelisoa tsa mahala tsa thuto ea cybersecurity ho thusa uena le sehlopha sa hau ho holisa kutloisiso e matla ea lisebelisoa tsa ts'ireletso le taolo ea likotsi.
Mongoli
Zach Norton ke setsebi sa papatso sa dijithale ebile e le sengoli se hloahloa ho Pentest-Tools.com, ea nang le boiphihlelo ba lilemo tse 'maloa ho cybersecurity, ho ngola le ho theha litaba.
