Rule or Ruler

By cliangNo Comments
As a security practitioner, providing advice in securing the organization cyber assets is the expected responsibilities and everyone in the organization has such expectation. In commercial world, resources are limited and there are always risks in business operations. Therefore, risk management is needed in an organization to prioritize resources in consistently dealing with the risks. A risk-based approach to deploy appropriate controls must be in place, i.e. objectively per organization risk matrix rather than subjectively per individual perception. After all, there won't be zero-risk business in this world. I come across a situation that a security practitioner demands uplifting the criticality of a target system just by personal feeling while the consequence does not exceed the threshold guideline per the official organization risk matrix. The escalated criticality of consequence could be legitimate because business environment or threat landscape have changed. Then the correct attitude is to revise the organization risk matrix which serves the foundation for consistent assessment. We must...
Read More

Transformation

By cliangNo Comments
Due to rapid technology advancement, business operations are always undergone transformation. A phone kiosk becomes legacy as the use case is approaching to zero. While transformation creates new jobs, it also makes other jobs extinct. Imagine when there is no need to deploy phone kiosk, job functions regarding the manufacturing line, its supply chain, sales, installation, regular maintenance are no longer needed. Therefore, the transformation shall not only viewed at the business model but also the workforce development and the mentality to accept changes are part of life. Transformation also integrates cybersecurity as part of the job function except the demand of scale and skill might be different. Never complain cybersecurity is none of your business. The positive attitude is to look into the appropriate training to adapt and manage such new challenge. ...
Read More

Deep Packet Inspection (DPI) Firewall

By cliangNo Comments
No doubt, the technology is secure. But without assessing the situation holistically, this is inconclusive. Rulesets might be wrongly set or firewall is wrongly configured, then the DPI firewall is insecure. If the connecting components are in a restricted and lock down environment, a DPI firewall is overkill and won't contribute to enhance more security. By the same token, media always exaggerate cyber threats. We must judge if such threat scenarios are likely in our environment rather than blindly doing unnecessary lock down on existing systems. An example is the ransomware attack via inactive user account thru VPN without 2-factor authentication, or authenticated users via PrintNightmare exploit. Something must be done but not to complete today. Security enhancement must be assessed, managed rather than in a piecemeal manner. The latter might even create more problems after blindly applying the counter-measures. Remember - action without plan is nightmare; plan without action is day dream. ...
Read More