People – Page 9 – The SECOND Advisories Limited

Mistaken Identity

27th October 201831st October 2018 By cliangNo Comments

This is to attack trust based on some one you know. In physical world, this is harder as you will recognize the person by appearance unless via impersonation like those in "Mission Impossible". In cyber world, email and social network ID are easier for spoofing, not-to-mention compromised identity are on sales in the dark web. Therefore, Part-1: protect your cyber identity. Even if you consider such cyber identity doesn't harm yourself, it could cause collateral damage to those who know you Part-2: now, you are cautious about your cyber identity. Establish preparedness to manage the situation when you suspect your cyber identity is compromised for malicious intention Part-3: from a 3rd party perspective, when you receive "unusual" request(s) from cyber identity for those you know or appeared as legitimate, validate their request(s) via other trusted communication channels (like phone call, or official web link) ...

The Human Factor

8th October 2018 By cliangNo Comments

Email becomes part of our life in both cyber and physical worlds. We execute actions in physical world based on email context in cyber world. Email is an example of mixed information classification because the sensitivity is content driven. Therefore, applying protection per the highest sensitivity requirement will be the one-size-fits-all solution. Typical email technical controls are S/MIME, TLS, RMS, 2FA etc. No matter how secure the protections are applied, a negligent but legitimate business user will defeat them all. Educate the consequence of improper usage will uplift the human awareness, and becoming the first line of defense....

Masquerade #2 – Mouse Over

6th October 20187th October 2018 By cliang1 Comment

Mouse over on the hyperlink will show you the intended web address to reach. Traditionally, this is used to understand what web site will be visited. However, this “defense” mindset has to be changed. The displayed link should not be trusted because it can be masqueraded. All the demo URL should be non-reachable as there are no such Domain Names registered. To limit malicious people registering my demo URL to launch real attack, the .gov gTLD is chosen. It is no harm to click below but not in other unknown sources. Click me. Are you reaching the expected "www.trusted-site.gov" as seen via mouse over?...

Control #3

3rd October 201821st December 2018 By cliangNo Comments

Controls are necessary to reduce likelihood of risks. But excessive controls shall have adverse effects: Degrade productivity Push back from user Circumvent control Risk assessment is required to design optimal and effective controls. Change (behavior) management and user awareness need to be well established too. Essentially, Why is the control required What is this meant in daily works (WIIFM for the user) What is the consequence of violation (both organization and the offender) ...

Shadow IT

1st October 2018 By cliangNo Comments

Gartner defines Shadow IT as IT devices, software and services outside the ownership or control of (IT) organizations. Given that information processing facilities or information containers are no longer centralized, the shadow IT is a common phenomenon. Each one of us has a cellular phone that is indeed a powerful information processing facility and large storage device in the pocket. The extensive connectivity and cloud computing via access anywhere and any platform model further accelerate this situation. Cyber risks are incurred to different degrees. Various protection technologies are surfaced in the market: Mobile Device Management, end point lock down, cloud-based proxy, Data Leakage Protection, disk encryption and so forth; but they are never bullet proof. Organization needs to think about enablement (as well as empowerment) rather than prohibitive thru streamlined approach. Policy formulation, usage guidance, risk management, user awareness and enforcement via disciplinary process are required to minimize the impacts....

Cybersecurity Transformation

25th September 2018 By cliangNo Comments

To be successful in cybersecurity transformation, each one in the organization shall contribute as the baseline. Culture or politic in certain organizations prohibits; and this is not just applied to cybersecurity. If you SEE something need improvement and TALK about it with your boss, you'll become the issue owner to handle the resolution. This drives the culture of don't see and don't talk. Top executives don't HEAR things that potentially affects the organization. The essential success factors in the transformation journey include but not limited to: Senior management buy-in Provide necessary support for sustainability (not just a slogan in the air but actually allocate dedicated resources and invest in human capital) Top-down approach to drive end result with metrics Staff own passion adaptive to the changing business environment Once the people barrier is break-thru, other process issues will then go well....

Incident Respond

20th September 201822nd September 2018 By cliangNo Comments

Organizations usually invest substantially to manage and mitigate cyber attack with the detection technologies like log correlation and SOC (Security Operation Center) establishment plus comprehensive process of detailed respond to cyber threat scenarios with surprised drills etc. Not doubt, this will uplift the organization capacity and demonstrate due diligence has been exercised to deal with cyber attacks to stakeholders. On the other hand, cyber is just one of the failure or attack scenarios. Like fire incident, it might be due to human negligence (left burning cigarette unattended), natural disaster (strike by lightning) or cyber attack (S01E04 Fire Code - vulnerable printer firmware). No matter how, isolation to contain threat and promptly recovery to resume are required whether cyber or not. Resource (both skill set and manpower) in real life is always limited and should be put on recovery then drive from this end what is required for service resumption meeting recovery time objective. And don't forget the TCO (Total Cost Ownership) involved to sustain...

Split Knowledge

19th September 2018 By cliangNo Comments

This is usually a means of control normally deployed in key management such that accessing privileged and critical resource requires multiple designated persons to minimize misuse of such privilege by a single person. The simplest form is splitting a password into tokens and held by different persons. While security control is enforced, there are needs to consider: - Contingency, e.g. key person(s) is(are) not available in the case of split password. With technology, there is m of n crypto key recovery so that availability of the selected m persons (where m <= n) can regain access - Further, this assumes all these m persons do not collaborate for malicious act...

Ask Not

17th September 2018 By cliangNo Comments

This is self-explanatory... Ask not what cybersecurity can do for you. Ask what you can do for cybersecurity. Each of us shall contribute our effort to secure the cyber community....

Router or DPI?

4th September 20186th September 2018 By cliangNo Comments

One of the roles in cybersecurity practitioner is to share threat intelligence with internal stakeholders to enhance the situation awareness. If you are doing this, don't just share the links of the news. You need to analyze the published threat: Assess the credibility of the threat source Explore what are protection currently deployed in your organization How to avoid similar issues in your organization Prioritize protection investment if not yet deployed with applicable work around to reduce likelihood Essentially, it's WIIFM (What's In It For Me?). If you don't, you don't add value to sharing the threat intelligence. Sadly just a router rather than a smart Deep Packet Inspection....