Incident Respond #2
Respond is 1 of the 5 domains under the NIST Cybersecurity Framework along with Identify, Protect, Detect and Recover. It

Residual Risk
When deploying a protection or countermeasure, it is necessary to understand: If new risks are introduced? Will these new risks even

Insecure Node
Due to connectivity, an insecure component will no longer just harm itself but other components in the ecosystem as well.

Incident Respond
Organizations usually invest substantially to manage and mitigate cyber attacks with detection technologies like log correlation and SOC (Security

Split Knowledge
This is usually a means of control normally deployed in key management such that accessing privileged and critical resources requires

Cryptography
Example in real world for cyber world. There are 2 salient points in cryptography: Algorithm (or how it works) is

Ask Not
This is self-explanatory... Ask not what cybersecurity can do for you. Ask what you can do for cybersecurity. Each of

Misplaced Control
Security technologies are secure but if deployed incorrectly, the intended protection will be in vain. It is necessary to have

Data-at-rest
This is one of the commonly referred information states among data-in-use and data-in-motion. Within data-at-rest, there should be further taxonomy:

Control #2
Most consider cybersecurity controls require hi-tech solutions such as deep packet inspection, non-reversible encryption, biometric authentication with time of day

Assumption
Risk assessment is part of the risk management process to identify exposure, likelihood and business risks so that the necessary

USB Port Misconception
Most often, people say blocking USB ports is a control in the company but somehow there is an exception process to