Information Integrity #2

The missing Chinese character is "zero", which gives an entirely different meaning. Disseminating an informative message does not appear to have much of a cybersecurity concern. However, it depends on the usage purpose. If the incorrect information does not impose an adverse consequence, then it only causes inconvenience to the target audience. But if it does (like sending out incorrect results of lottery draws, stock prices, exchange rates), then the service provider has liability. Usually, a disclaimer is added to relieve the liability, and using the service constitutes implicit acceptance of the usage terms. The bottom line is to have a comprehensive risk assessment of the digital solution or service offered to other parties. ...

Deep Packet Inspection (DPI) Firewall

No doubt, the technology is secure. But without assessing the situation holistically, this is inconclusive. If the rulesets are wrongly set or the firewall is wrongly configured, then the DPI firewall is insecure. If the connecting components are in a restricted and locked-down environment, a DPI firewall is overkill and won't contribute more security. By the same token, the media always exaggerate cyber threats. We must judge whether such threat scenarios are likely in our environment rather than blindly doing unnecessary lockdown on existing systems. An example is the ransomware attack via an inactive user account through VPN without 2-factor authentication, or by authenticated users via the PrintNightmare exploit. Something must be done, but it need not be completed today. Security enhancement must be assessed and managed rather than done in a piecemeal manner. The latter might even create more problems after blindly applying the countermeasures. Remember - action without plan is nightmare; plan without action is daydream. ...

Declassification

Confidential information is costly to maintain. Imagine that all 3 data states (data-in-motion, data-at-rest, data-in-use) require technology and an underlying process to manage authorized access and usage while denying everything else. Most often, except for a few cases, sensitive information diminishes in value or impact over time. An example of the "few" is the formula of a soft drink that remains a trade secret to make the product stand out from its competitors. Other than technical controls like encryption or multi-factor authentication for access to digital information, there are simply regulations to protect artists' copyrights, algorithm patents etc. that are published in the public domain. Secret government documents also have an expiry date for release in the public interest. Declassification, together with the destruction process, is therefore an important stage in the information lifecycle management process. Without these, the burden of maintaining secrecy will increase over time and become unmanageable. ...

Discovery

This is widely adopted in various processes like:

- Asset discovery: to scan the network and take inventory of the components connected to the network
- Electronic document discovery: to scan the network resources for automatic information classification and privacy compliance
- Forensic eDiscovery: to collect cyber activities from the designated equipment, uncovering the sequence of events

No matter which application, the essential aspect is the correct use of the tool. Otherwise, incorrect or inaccurate information is captured, which could incur undesirable consequences for the decisions based upon it. Training or certification for the competent person running the process will be the key. ...

100% Cyber Secure #2

Worried about breaching GDPR or PCI DSS? The most effective means is to avoid capturing the information that needs protection. Accepting cash addresses the problem statement. However, the restaurant must not forget that if it accepts reservations with a name and contact number, that is also a channel for a GDPR breach. Accepting cash will introduce the risk of being robbed. This is a typical pitfall that most security practitioners overlook. Implementing new cybersecurity protection also incurs other new risks. Therefore, a holistic assessment is always required in any business risk identification and mitigation. Further, a fresh-eye review is necessary to eliminate any "blind spots". ...

DeMilitarized Zone (DMZ)

The DMZ has become the de facto standard for network segmentation. It is used to control network traffic across trusted and untrusted network zones. "Network traffic" is used instead of "network connection" because the latter is not precise. A network cable is connected across components, but what matters is the traffic flowing through it. The network zoning is typically implemented by a network firewall. More functions like anti-malware protection, site filtering and application request screening are being added to the network firewall, making it the so-called next generation (NG) firewall. To enhance customer confidence, there is 3rd-party accreditation for firewall cybersecurity. No matter how securely the component is manufactured and deployed, the important aspects of maintaining a secure network perimeter are:

- Proper design, i.e. placing the firewall(s) at the correct network node
- Proper configuration, i.e. device management and least-privilege firewall rules
- Periodic assessment, i.e. validating whether the configuration is still valid (don't retain the associated firewall rules when a system has been retired)
- Proper maintenance, i.e. updating firmware ...
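The "periodic assessment" point above is the one most often skipped in practice, because a stale allow rule looks harmless until someone reuses the address. The following is an added example, not code from this blog: a small audit that cross-checks a firewall ruleset against an asset inventory and flags allow rules whose source or destination is overly broad, matches no known asset, or matches only retired assets. The rule and inventory formats, the sample rules and the retired host are all constructed for illustration.

```python
"""Firewall rule hygiene audit (added example, constructed data).

Flags allow rules that (a) use an overly broad CIDR, (b) reference an address
range with no asset in the inventory, or (c) reference only retired assets,
which is the 'system has retired but its rule remains' case.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    rule_id: str
    src: str      # CIDR or host/32
    dst: str      # CIDR or host/32
    port: int
    action: str   # "allow" or "deny"


# Constructed inventory: host IP -> lifecycle status (hypothetical data).
INVENTORY = {
    "10.10.1.10": "active",
    "10.10.1.20": "retired",   # decommissioned database server
    "10.20.5.5": "active",
}

# Constructed ruleset (hypothetical data).
RULES = [
    Rule("R1", "10.10.1.10/32", "10.20.5.5/32", 443, "allow"),
    Rule("R2", "10.10.1.20/32", "10.20.5.5/32", 1433, "allow"),  # source retired
    Rule("R3", "0.0.0.0/0", "10.20.5.5/32", 22, "allow"),        # any-source SSH
    Rule("R4", "10.10.1.10/32", "10.30.0.0/24", 3389, "allow"),  # dst unknown
    Rule("R5", "0.0.0.0/0", "10.10.0.0/16", 0, "deny"),          # default deny
]


def hosts_in(cidr, inventory):
    """Return inventory hosts that fall inside the given CIDR."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [ip for ip in inventory if ipaddress.ip_address(ip) in net]


def audit_rules(rules, inventory, broad_prefix=8):
    """Return (rule_id, side, reason) findings for allow rules that need review.

    broad_prefix: any CIDR shorter than this prefix length is treated as
    overly broad (e.g. 0.0.0.0/0). Deny rules are left alone.
    """
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        for side, cidr in (("src", r.src), ("dst", r.dst)):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen < broad_prefix:
                findings.append((r.rule_id, side, "overly broad"))
                continue
            hosts = hosts_in(cidr, inventory)
            if not hosts:
                findings.append((r.rule_id, side, "no inventory asset"))
            elif all(inventory[h] == "retired" for h in hosts):
                findings.append((r.rule_id, side, "all assets retired"))
    return findings


if __name__ == "__main__":
    for rule_id, side, reason in audit_rules(RULES, INVENTORY):
        print(f"{rule_id}: {side} -> {reason}")
```

In a real deployment the inventory would come from the CMDB or asset discovery output and the rules from a firewall export; the point of the check is that a rule with no living asset behind it is a finding in its own right, regardless of whether it is currently being hit.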

Reinforcement

Sometimes, security protection needs reinforcement to avoid deterioration of effectiveness over time. This can easily be visualized in the real world. Screws are used to tighten the wheels. Multiple screws are used for resilience. You add a further clamp to stop the screws from spinning off. In cyber protection, the most easily deteriorating layer is the human factor. You have a policy published and communicated. You still need to reinforce situational awareness to bring back attention. An example is the phishing email. It is the common cyber attack vector resulting in ransomware infection that hijacks all systems, installs backdoors into the corporate network, exfiltrates sensitive information etc. Other than regular communication, launch a phishing test campaign to validate how many in the organization will fall into the trap. Through repeated exercises, the awareness to combat phishing attacks will be reinforced. ...

Landscape

Some cybersecurity practitioners only drill down to the level of detail of the network diagram, or even the wiring diagram, to identify the adequacy of cyber protection. The system landscape or architecture is no doubt an element to look at, but it is just part of it. The holistic approach looks like this:

- What is the purpose of the system
- How is information used - to control machines, to inform decision making for critical operations, or solely displayed as-is
- What is the consequence if compromised
- What is the tolerable downtime
- What are the options to bring up the service within this unplanned downtime window
- How to strike the balance between freezing the compromised system for digital forensics and recovering the system to meet the service pledge

With these in mind, the diagrams are only useful to assess the attack path and the optimal countermeasures. And don't criticize insufficient information in the diagrams without setting a reference standard - this should be objective rather than subjective. ...

Suspicious

It is common to see such a directive in subways, airports, key facilities, incident response playbooks etc. The problem is that different people have different interpretations of "suspicious". Take a phishing attack as an example. The email is apparently sent from someone you know. Should it be suspicious? If it were, there wouldn't be so many successful cyber attacks originating from phishing to launch ransomware, data exfiltration or remote access trojans (RAT). Therefore, more needs to be done to elaborate what "suspicious" means in order to raise situational awareness. Of course, it is a challenge to include so much information on a signboard. If the facility is so critical, each person (staff, visitor, contractor) should be briefed on the threat scenario (like the safety rules before the aircraft departs), while the signage is just a reminder of what has been briefed. ...

Cyber …

In the early days of the industry, we talked about information security: protecting information so as to minimize the impact of unnecessary disclosure, unauthorized modification or unplanned downtime. It covers every information taxonomy under the sun. Suddenly, cybersecurity came into the picture, and adding "cyber" as a prefix became a fashion. Vendors try to convince customers that their products or services address market needs with hi-tech. To me, cybersecurity is a subset of information security. At least the hardcopy information container is excluded from the cyber perspective, though hardcopy is in diminishing usage. There are many cyber things: cyber workforce, cyber maintenance, cyber hygiene, cyber insurance, cyber warfare, cyber defense, cyber range etc. Pick cyber insurance as an illustration. This has become a focus area in the industry, and relevant standards are being developed so that work practices are consistent. However, cyber insurance isn't bulletproof. If your infrastructure has weaknesses, repeated cyber attacks are possible. The sole value of...