Incident Respond

By cliangNo Comments
Organizations usually invest substantially to manage and mitigate cyber attack with the detection technologies like log correlation and SOC (Security Operation Center) establishment plus comprehensive process of detailed respond to cyber threat scenarios with surprised drills etc. Not doubt, this will uplift the organization capacity and demonstrate due diligence has been exercised to deal with cyber attacks to stakeholders. On the other hand, cyber is just one of the failure or attack scenarios.  Like fire incident, it might be due to human negligence (left burning cigarette unattended), natural disaster (strike by lightning) or cyber attack (S01E04 Fire Code - vulnerable printer firmware).  No matter how, isolation to contain threat and promptly recovery to resume are required whether cyber or not. Resource (both skill set and manpower) in real life is always limited and should be put on recovery then drive from this end what is required for service resumption meeting recovery time objective.  And don't forget the TCO (Total Cost Ownership) involved to sustain...
Read More

Split Knowledge

By cliangNo Comments
This is usually a means of control normally deployed in key management such that accessing privileged and critical resource requires multiple designated persons to minimize misuse of such privilege by a single person.  The simplest form is splitting a password into tokens and held by different persons. While security control is enforced, there are needs to consider: - Contingency, e.g. key person(s) is(are) not available in the case of split password.  With technology, there is m of n crypto key recovery so that availability of the selected m persons (where m <= n) can regain access - Further, this assumes all these m persons do not collaborate for malicious act...
Read More

Router or DPI?

By cliangNo Comments
One of the roles in cybersecurity practitioner is to share threat intelligence with internal stakeholders to enhance the situation awareness. If you are doing this, don't just share the links of the news. You need to analyze the published threat: Assess the credibility of the threat source Explore what are protection currently deployed in your organization How to avoid similar issues in your organization Prioritize protection investment if not yet deployed with applicable work around to reduce likelihood Essentially, it's WIIFM (What's In It For Me?). If you don't, you don't add value to sharing the threat intelligence. Sadly just a router rather than a smart Deep Packet Inspection....
Read More

Improper Usage

By cliangNo Comments
Park your car at a legitimate parking lot in the street. What's wrong? Even it is a legitimate parking zone, the permitted usage restricts to bus only. Similarly in the cyber world, proper usage is essential to stay secure. Examples are software license (commercial or personal; by device or user; internal or Internet facing application), penetration tools (for authorized  assessment or malicious purpose), specific hardware (prohibit for re-export to 3rd party) etc....
Read More

Masquerade

By cliangNo Comments
Bison is masqueraded as swan. This is a typical trick in social engineering attack.  That's why scams in social network, email invite etc. are so successfully. So, connect only those who you meet face-to-face with their social ID exchanged on the spot, never trust email inviting you to click links for recovery of access or incentive. If the scenario matches with what you need, validate with the sender first to stay secure....
Read More