Cyber …

In the early days of the industry we talked about information security: protecting information so as to minimize the impact of unnecessary disclosure, unauthorized modification or unplanned downtime. It covers every information taxonomy under the sun. Suddenly cybersecurity came into the picture, and adding "cyber" as a prefix became a fashion. Vendors try to convince customers that their products or services address market needs with hi-tech. To me, cybersecurity is a subset of information security: at least the hardcopy information container is excluded from the cyber perspective, though hardcopy is in diminishing use. There are many cyber things: cyber workforce, cyber maintenance, cyber hygiene, cyber insurance, cyber warfare, cyber defense, cyber range etc. Take cyber insurance as an illustration. It has become a focus area in the industry, and relevant standards are being developed so that work practices are consistent. However, cyber insurance isn't bullet proof. If your infrastructure has weaknesses, repeated cyber attacks are possible. The sole value of...

Information Integrity

Why buy 2? Sometimes a small mistake will invite the question of whether the information processing facilities are producing accurate results without malicious tampering. The illustrated sales price might have been input manually, or generated by the system as per a scheduled price promotion. In either scenario, either a broken business process (lack of review and approval to publish) exists, or an automated consistency check is missing. Once such a small mistake goes public, it will require a lot of PR effort to reassure people that this is an isolated case not affecting the other back office applications like customer data, staff personal data, financial records etc. ...

Distance #2

Keeping distance on the road avoids accidents causing injury or fatality due to sudden changes in the situation. Keeping social distance avoids a pandemic spreading among a group of people. Similarly, keeping network distance makes you cyber safer, as it makes a cyber attack harder. Network distance is established via defence layers between the untrusted network and the target resources, so as to drop or neutralize unintended traffic. The more layers, the more network distance that network traffic has to go through to reach the destination. Layers, for example, are:

- Network perimeter (firewall, proxy, IPS, IDS)
- Application gateway (reverse proxy, DPI)
- Platform hardening (folder permissions, white list/black list, no unused modules nor system services)
- System application hardening (change default settings, deny unauthenticated requests)
- Business application hardening (observe good coding practices)

While adding layers, don't forget to assess whether network latency will be introduced that affects specific applications. Last but not least, all these layers shall be at the latest version and apply least privilege, to combat threat actors as much as possible. ...