Cybersecurity Transformation

By cliangNo Comments
To be successful in cybersecurity transformation, each one in the organization shall contribute as the baseline. Culture or politic in certain organizations prohibits; and this is not just applied to cybersecurity. If you SEE something need improvement and TALK about it with your boss, you'll become the issue owner to handle the resolution.  This drives the culture of don't see and don't talk.  Top  executives don't HEAR things that potentially affects the organization. The essential success factors in the transformation journey include but not limited to: Senior management buy-in Provide necessary support for sustainability (not just a slogan in the air but actually allocate dedicated resources and invest in human capital) Top-down approach to drive end result with metrics Staff own passion adaptive to the changing business environment Once the people barrier is break-thru, other process issues will then go well....
Read More

Incident Respond #2

By cliangNo Comments
Respond is 1 of the 5 domains under the NIST CyberSecurity Framework along with Identify, Protect, Detect and Recover. It is also generally understood the importance of IR in the industry because "it is not a matter of if but when your system is compromised".  Promptly respond to incident could trigger the required recovery actions to minimize business interruption. The hard part is that you'll never know if the response will work in real life even though there are regular drills to opt for continuous improvement.  This is like the air-bag in your car - you only know if it serves the purpose when triggered....
Read More

Residual Risk

By cliangNo Comments
When deploying protection or counter-measure, it is necessary to understand If new risks are introduced? Will these new risks even exceed the consequence of do nothing? An example is DLP (Data Leakage Protection, not Prevention).  It requires "super" privileges to access every resource being monitored to alert sensitive information being shared improperly.  Even though this might be a system account, mis-configuration or process weakness could exploit the DLP to leak more sensitive information to unintended recipient....
Read More

Incident Respond

By cliangNo Comments
Organizations usually invest substantially to manage and mitigate cyber attack with the detection technologies like log correlation and SOC (Security Operation Center) establishment plus comprehensive process of detailed respond to cyber threat scenarios with surprised drills etc. Not doubt, this will uplift the organization capacity and demonstrate due diligence has been exercised to deal with cyber attacks to stakeholders. On the other hand, cyber is just one of the failure or attack scenarios.  Like fire incident, it might be due to human negligence (left burning cigarette unattended), natural disaster (strike by lightning) or cyber attack (S01E04 Fire Code - vulnerable printer firmware).  No matter how, isolation to contain threat and promptly recovery to resume are required whether cyber or not. Resource (both skill set and manpower) in real life is always limited and should be put on recovery then drive from this end what is required for service resumption meeting recovery time objective.  And don't forget the TCO (Total Cost Ownership) involved to sustain...
Read More

Split Knowledge

By cliangNo Comments
This is usually a means of control normally deployed in key management such that accessing privileged and critical resource requires multiple designated persons to minimize misuse of such privilege by a single person.  The simplest form is splitting a password into tokens and held by different persons. While security control is enforced, there are needs to consider: - Contingency, e.g. key person(s) is(are) not available in the case of split password.  With technology, there is m of n crypto key recovery so that availability of the selected m persons (where m <= n) can regain access - Further, this assumes all these m persons do not collaborate for malicious act...
Read More

Cryptography

By cliangNo Comments
Example in real world for cyber world. There are 2 salient points in cryptography: Algorithm (or how it works) is publicly known, source codes are even published (mechanism of the combination lock is known) Key is secret, this is the only way to access the cipher text (the combination code you have chosen to unlock) Therefore, never invent your own crypto algorithm no matter how much obfuscation you have made in the codes.  It is just security through obscurity. Of course, even a recognized (or certified) crypto will be subject to attack (online or offline) due to technology advancement over time.  Essentially, counter-measures are to increase the time attacker needs to get thru: regular password change, complex password, 2FA, adding salt and pepper in the stored hash etc....
Read More

Misplaced Control

By cliangNo Comments
Security technologies are secure but if deployed incorrectly, the intended protection will be in vain. It is necessary to have a design review and configuration check to minimize this type of issue.  Preferably, this should be done by 3rd party for independence as well as from fresh eyes. Of course, a reasonable scope of coverage has to be defined.  That's why security accreditation is at component level (e.g. encryption module) to set the boundary because how it is deployed has many variables....
Read More