Visibility #2

By cliangNo Comments
Placing a warning sign will avoid facilities being damanged by mistake. But what about the info is misused by threat actor to launch attack? Sometime, deceptions or decoys are used to understand the behaviors of threat actors so that appropriate counter-measures are effectively developed and applied. Ultimately, it is then all about judgment. This is from both attacker and defender perspective Whether the accessed resources are traps, orWhether the unusual activities are camouflage covering other malicious intend. Life becomes harder and harder. ...
Read More

Governance #2

By cliangNo Comments
Successful cybersecurity posture in an organization requires effective cyber protection of its cyber assets. There is a broad interpretation on cyber protection. In certain extreme cases, people put focus on technical controls and how are these controls implemented sometimes down to specific technology brand name or even model per personal preference. This doesn't hurt as long as Providing transparency on the rationale of the chosen technology vendorPublishing the standard for reference rather than hiding inside one's mindFacilitating end users to procure those specific brandsCommunicating with Teams involved to raise awareness of the requirement That said, it falls into one of the organization governance roles as cybersecurity standarization. The merits are reducing learning curve to manage the control, partnership with vendor for better support and purchase discount, technology roadmap and life cycle management. Like any other tools, it is subject to misuse and then resulting into internal politics. ...
Read More

Design & Build #2

By cliangNo Comments
A deployed function looks not elegant. Is this due to design problem, or deployment is not in accordance to the design? Fixing it will be costly without retrofit. Similarly, this happens to cyber protection. Protection effectiveness will be degraded or even none if improper design, or incorrectly deployed. To address this pitfall, comprehensive assessment from design, configuration check before commissioning and regular health check at O&M stage are necessary. Even if the system has not been changed, the external threat landscape has evolved and need to strengthen control to protect. ...
Read More