Cybersecurity

• CSF-WUQI (梧棲)
  • OKRs
    • Objective: Proof-Of-Concept
    • Objective: Introduce a minimum viable product (MVP) System
  • Resources

CSF-WUQI (梧棲)

CSF-WUQI 是基於 Cybersecurity Framework | NIST 的 argoproj/argo: Argo Workflows: Get stuff done with Kubernetes. 流程實驗專案，最終目的是作出應用 Operator pattern - Kubernetes 的 CSF 流程專案。

Cybersecurity Framework Version 1.1 主要分五個面向

• IDENTIFY (ID)
• PROTECT (PR)
• DETECT (DE)
• RESPOND (RS)
• RECOVER (RC)

OKRs

Objective: Proof-Of-Concept

• Active from: 19-09-28
• KR Measurement Deadline: 19-12-31
• Tracked: Every Sunday 😱
• Tracking Manager: DLTDOJO
• Key Results:
  1. yaml and json config file
  2. at least 1 UML usecase diagrams and seq diagrams
  3. argoproj/argo: Argo Workflows: Get stuff done with Kubernetes. examples
  4. argoproj/argo-events: Event-based dependency manager for Kubernetes. examples
  5. documentation and presentation

Tracking

yaml and json file base on 2018-04-16_framework_v1.1_core1.xlsx

• WIP nist-csf-1.1.yaml
• WIP nist-csf-1.1.json

argo workflow hello world version of ID.RA-5

apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  generateName: csf-wuqi-
spec:
  entrypoint: whalesay
  templates:
  - name: whalesay
    container:
      image: docker/whalesay:latest
      command: [cowsay]
      args: ["ID.RA-5 Threats, vulnerabilities, likelihoods, and impacts are used to determine risk."]

WIP: DAG workflow

• IDENTIFY (ID)
• PROTECT (PR)
• DETECT (DE)
• RESPOND (RS)
• RECOVER (RC)

Open source container-native workflow engine for Kubernetes. | argo

apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  generateName: csf-wuqi-
spec:
  entrypoint: csf
  templates:
  - name: echo
    inputs:
      parameters:
      - name: message
    container:
      image: alpine:3.7
      command: [echo, "{{inputs.parameters.message}}"]
  - name: csf
    dag:
      tasks:
      - name: IDENTIFY
        template: echo
        arguments:
          parameters: [{name: message, value: IDENTIFY}]
      - name: PROTECT
        dependencies: [IDENTIFY]
        template: echo
        arguments:
          parameters: [{name: message, value: PROTECT}]
      - name: DETECT
        dependencies: [IDENTIFY]
        template: echo
        arguments:
          parameters: [{name: message, value: DETECT}]
      - name: RESPOND
        dependencies: [PROTECT, DETECT]
        template: echo
        arguments:
          parameters: [{name: message, value: RESPOND}]
      - name: RECOVER
        dependencies: [PESPOND]
        template: echo
        arguments:
          parameters: [{name: message, value: RECOVER}]

Objective: Introduce a minimum viable product (MVP) System

• Active from: 20-01-01
• KR Measurement Deadline: 20-04-01
• Tracked: Every Sunday 😱
• Tracking Manager: DLTDOJO
• Key Results:
  1. protobuf file
  2. api service
  3. web site
  4. documentation
  5. 做人🏃‍如果無夢想，同條鹹魚🐟有咩分別呀？ - 少林足球

Tracking

• WIP Protobuf Def

Resources

• 【NIST CSF導入關鍵】7步驟打造整體安全防護網，從盤點現況與成熟度評估著手 | iThome
• 專家大推的NIST網路安全框架規畫工具 | iThome
• security-policy-templates/nist-csf.json at master · JupiterOne/security-policy-templates
• cyberframework/cyberframework_1_0.yaml at master · GovReady/cyberframework
• import-content/NIST_CSF.csv at master · simplerisk/import-content