Incident Response

Organizations usually invest substantially to manage and mitigate cyber attacks with detection technologies such as log correlation, the establishment of a SOC (Security Operations Center), and a comprehensive, detailed process for responding to cyber threat scenarios, rehearsed with surprise drills and the like. No doubt this uplifts the organization's capability and demonstrates to stakeholders that due diligence has been exercised in dealing with cyber attacks. On the other hand, cyber is just one of many failure or attack scenarios. Like a fire incident, it might be due to human negligence (a burning cigarette left unattended), natural disaster (a lightning strike) or cyber attack (S01E04 Fire Code - vulnerable printer firmware). Whatever the cause, isolation to contain the threat and prompt recovery to resume service are required, cyber or not. Resources (both skill set and manpower) in real life are always limited and should be put on recovery; from that end, work out what is required for service resumption within the recovery time objective. And don't forget the TCO (Total Cost of Ownership) involved to sustain...

Split Knowledge

This is a means of control normally deployed in key management such that accessing a privileged and critical resource requires multiple designated persons, to minimize misuse of that privilege by a single person. The simplest form is splitting a password into tokens held by different persons. While the security control is enforced, there are needs to consider:
- Contingency, e.g. the key person(s) is (are) not available in the case of a split password. With technology, there is m-of-n crypto key recovery so that any m of the selected n persons (where m <= n) can regain access
- Further, this assumes these m persons do not collaborate for a malicious act...

Data-at-rest

This is one of the commonly referenced information states, alongside data-in-use and data-in-motion. Within data-at-rest there should be a further taxonomy: offline (backup provision for recovery), archival (kept as a historical record and retrieved when needed) and disposal (no longer needed for business operation). Protection across all of these data-at-rest categories is equally important to secure the content....

Assumption

Risk assessment is part of the risk management process: it identifies exposure, likelihood and business risks so that the necessary protection measures can minimize the impact. The tricky thing is that controls are most often implicitly assumed, e.g. the access control of the target application relies on the robustness of the Identity Provider enforcing the defined roles & privileges; the effectiveness of anti-malware protection relies on the backend process refreshing to up-to-date definitions; the platform and system applications are regularly hardened against known vulnerabilities; network perimeter controls are defined correctly; and so on. Therefore, it is important to align on and set the scene for which key assumptions are being relied upon as the very first step, before assessing risks. If any of these is incorrect, the exposure will be under-estimated, and so will the residual risks....

Limitation

Every technology or system has inherent limitations, whether in itself or in its environment. Take surveillance via CCTV for physical security: there is still a need to deploy guards patrolling strategic locations to validate whether what you see is legitimate and to augment the "blind spots" of CCTV coverage. Therefore:
- Unmanaged limitations will develop into vulnerabilities
- Exploitable vulnerabilities will become risks
- Neglected risks will impact the business
Regular process review or system vulnerability assessment is then required for continuous cybersecurity strengthening....

Blockchain

Everyone is talking about this great technology and every industry is trying to adopt it in its business model. Without going deep into technicalities, in a nutshell, the digital proof of a transaction is established and guaranteed in this distributed ledger. However, an important element needs thinking about: how can a digital transaction in the cyber world be enforced for fulfillment in the physical world without any regulation? Think twice: if you have paid a ransom via such a digital transaction intended to unlock files encrypted by ransomware, how do you ensure that "service" is delivered? Therefore, internal use or limited adoption within a closed community, enforced with contractual terms, is likely the use case in the near term....

Business Value

One of the fundamental principles in cybersecurity is to apply the necessary controls to reduce business impact. Business value is the catalyst in risk management. A cyber poker machine is chosen as the illustration here. If this cyber application is deployed in a casino, the bet outcome means money. The result of each bet must be protected against manipulation such as session replay, or unauthenticated or fraudulent submissions that control the coin release valve. But if it is deployed as part of the entertainment system in an aircraft, then it doesn't matter: the bet outcome is just for fun....