Reinforcement

By cliangNo Comments
Sometimes, security protection needs reinforcement to avoid deterioration of effectiveness over time. This can easily be visualized in real world. Screws are used to tighten the wheels. Multiple screws are used for resilience. You add further clamp on to limit the screws from spin off. In dealing with cyber protection, the easiest deteriorating stack is the human factor. You have policy published and communicated. You still need to reinforce the situation awareness to bring back attention. An example is the phishing email. It is the common cyber attack vector resulting into infect ransomware to hijack all systems, install backdoor to corporate network, infiltrate sensitive information etc. Other than regular communication, launch phishing test campaign to validate how many in the organization will fall into the trap. Through repeated exercise, the awareness to combat against phishing attack will be reinforced. ...
Read More

Enforcement

By cliangNo Comments
Enforcement Having policy as written document isn't enough. If there is violation, it must be enforced thru correctional approach. In real world, this is done by disciplinary action, imposing fine or even imprisonment depending on severity of violation. This will reinforce the attitude for policy compliance. An example is jumping the light detected by traffic camera. At best if there is no traffic accident, impose fine and deduct marks to remind this act will hurt other road users. At worst this misbehavior has triggered traffic accident, it might be resulted in criminal offence for imprisonment. In cyber world, the situation is similar. Stipulate the cybersecurity directive (policy) and indicate what is the protection objectiveEstablish policy exception processDefine the levels of correctional action per violation natureAnd most importantly, raise awareness to educate all levels why the policy must be complied for what purpose and consequence of violation ...
Read More

Assumption #3

By cliangNo Comments
DO NOT ACROOS - implicitly applied to vehicles only When we develop written directive, there might be chance that certain elements are assumed and be implicit. It is essential to engage stakeholders, listen to feedbacks and address opinions rather than dictate what should be done. If you do, you deem to be failed to develop a good policy. ...
Read More