The Forgotten Place

Most of the time, tight technical controls are deployed at the infrastructure, network, platform, application or endpoint layers to address cybersecurity. A "misbehaved" device will ruin all these efforts. Perhaps a written hard-copy disclaimer should be posted at the bottom of the display to indicate that the information or service is provided as-is, and to disclaim responsibility for any consequential or collateral damages arising from information error or service interruption. A comprehensive risk assessment should have picked this up....

Cybersecurity Transformation

To succeed in cybersecurity transformation, everyone in the organization must contribute as the baseline. The culture or politics of certain organizations prohibits this, and that does not apply only to cybersecurity. If you SEE something that needs improvement and TALK about it with your boss, you become the issue owner responsible for the resolution. This drives a culture of "don't see and don't talk". Top executives don't HEAR about things that potentially affect the organization. The essential success factors in the transformation journey include, but are not limited to:

- Senior management buy-in
- Providing the necessary support for sustainability (not just a slogan in the air, but actually allocating dedicated resources and investing in human capital)
- A top-down approach that drives the end result with metrics
- Staff's own passion, adaptive to the changing business environment

Once the people barrier is broken through, the other process issues will then go well....

Incident Respond #2

Respond is one of the five functions of the NIST Cybersecurity Framework, along with Identify, Protect, Detect and Recover. The importance of IR is also generally understood in the industry, because "it is not a matter of if but when your system is compromised". Promptly responding to an incident can trigger the required recovery actions to minimize business interruption. The hard part is that you will never know whether the response will work in real life, even though there are regular drills to drive continuous improvement. This is like the airbag in your car: you only know whether it serves its purpose when it is triggered....

Incident Respond

Organizations usually invest substantially to manage and mitigate cyber attacks with detection technologies such as log correlation and the establishment of a SOC (Security Operations Center), plus a comprehensive process of detailed response to cyber threat scenarios, with surprise drills and so on. No doubt this will uplift the organization's capacity and demonstrate to stakeholders that due diligence has been exercised in dealing with cyber attacks. On the other hand, cyber is just one of the failure or attack scenarios. Like a fire incident, it might be due to human negligence (a burning cigarette left unattended), natural disaster (a lightning strike) or cyber attack (S01E04 "Fire Code": vulnerable printer firmware). Whatever the cause, isolation to contain the threat and prompt recovery to resume service are required, whether it is cyber or not. Resources (both skill set and manpower) in real life are always limited and should be put on recovery; then work back from that end to determine what is required for service resumption within the recovery time objective. And don't forget the TCO (Total Cost of Ownership) involved to sustain it...

Split Knowledge

This is a control normally deployed in key management so that accessing a privileged and critical resource requires multiple designated persons, to minimize misuse of that privilege by any single person. The simplest form is splitting a password into tokens held by different persons. While this enforces the security control, there are things to consider:

- Contingency, e.g. the key person(s) is (are) not available in the case of a split password. With technology, there is m-of-n cryptographic key recovery, so that the availability of any m of the n designated persons (where m <= n) is enough to regain access.
- Further, this assumes that these m persons do not collude in a malicious act...

Data-at-rest

This is one of the commonly referenced information states, alongside data-in-use and data-in-motion. Within data-at-rest there should be a further taxonomy: offline (backup provision for recovery), archival (kept as a historical record and retrieved when needed) and disposal (no longer needed for business operation). Protection for every category in this data-at-rest taxonomy is equally important to secure the content....