Benchmark: 3.5 Cyber Crisis Management Plan
Description
A Cyber Crisis Management Plan (CCMP) should be immediately evolved and should be a part of the overall Board approved strategy. CCMP should address the following four aspects: (i) Detection (ii) Response (iii) Recovery and (iv) Containment. NBFCs need to take effective measures to prevent cyber-attacks and to promptly detect any cyber-intrusions so as to respond / recover / contain the fall out. NBFCs are expected to be well prepared to face emerging cyber-threats such as ‘zero-day’ attacks, remote access threats, and targeted attacks. Among other things, NBFCs should take necessary preventive and corrective measures in addressing various types of cyber threats including, but not limited to, denial of service, distributed denial of services (DDoS), ransom-ware / crypto ware, destructive malware, business email frauds including spam, email phishing, spear phishing, whaling, vishing frauds, drive-by downloads, browser gateway fraud, ghost administrator exploits, identity frauds, memory update frauds, password related frauds, etc.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 3.5 Cyber Crisis Management Plan.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.rbi_itf_nbfc_3_5
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.rbi_itf_nbfc_3_5 --share
Controls
- EC2 instances should be managed by AWS Systems Manager
- GuardDuty should be enabled
- GuardDuty findings should be archived
- SSM managed instance associations should be compliant
- SSM managed instance patching should be compliant