Poisoning

By cliangNo Comments
We heard about DNS poisonong, search engine poisoning, ARP poisoning etc. With the rise of AI, data poisonings is evolved. There are 2 types of poisoning: Malicious user to bypass the protection scheme of AI to output what is prohibited for abuse Poison the data model to generate incorrect results to user [The analogy is in the typical web application that malicous user plant bad data and stored in backend database as persistent threat to attack other users due to poor coding.] On top of regulatory and ethical issues, the key to deal with this is to enable secure use of AI by formulating guidance and apply final human judgment. Treat AI output as reference for insights and research only. ...
Read More

Network #2

By cliangNo Comments
Digitalization needs things connected to deliver the business outcome. Without network, not much or even none can be achieved. And there won't be luxury nor feasible for a point to point dedicated end-to-end communication line. Therefore, the network part is always the focus for cyber risk due to no need to access physically the component and connectivity. But remember, other aspects like physical security, application controls, service provider management are equally important to secure the digital function. ...
Read More

Architecture #2

By cliangNo Comments
Parthenon, 447 BC Some cybersecurity practitioners always mention network diagram to have cybersecurity architecture for review and so-called approval. They know just the term and never grasp the real meaning. Cybersecurity architecture is actually the digital landscape having these core elements: network zoning, electronic perimeter control, cyber protection measures. The last one is an organization-wide issue because protection measures are not solely via technical controls which are the last to consider. Not everything can be technically enforced and if it does, it kills business. Enhancing workforce competency especially cybersecurity practitioners who act as internal subject matter expert to provide reputable and credible opinions rather than just slipping words out of their mouth. Situation awareness is another key player in protection measure. The illustrated architecture is an aged structure with and yet it is still standing there. By the same token we should not solely demand refreshing technology obsolescence because it has entered end of support. It needs a holistic...
Read More

Off Grid

By cliangNo Comments
Our physical world is fully integrated with the cyber world. Some derivatives like privacy, digital asset, cyber protection are of a concern. The extreme approach to get rid of these cyber issues is to stay off grid, i.e. in the wild: no cell phone, no electricity, no tap water supply, no gas, no vehicle, or a complete isolate zone with the outter world. It is easy to just talk about staying off grid but when putting into practice, it's a great challenge to adapt. You need to hunt for food, collect drinkable water, build shelter, source heat to cook or keep warmth and most importantly don't get sick. Even a recycle bin will lead you connected with others in the logistic chain. We can't escape from the cyber world but to manage this to understand and accept the consequence. ...
Read More

Twins

By cliangNo Comments
Ditigal Twin is a digital representation of a physical object, person, or process, contextualized in a digital environment. There are lots of use cases and solutions available in the market for different types of model. How do we ensure the results from the digital environment is truly representing the physical environment? This falls into fundamentals that need subject matter experts design, deploy, sustain and validate the digital model regularly. Otherwise, an incorrect outcome from the digital representation will cause incorrect judgment with at worst catastrophic consequence. ...
Read More

Security Culture

By cliangNo Comments
A trivial observation will reveal a lot of issues about the security culture of an organization. 1. Does the organization: Have information security policies in place Define the differennt information classes Provide examples of each information class Establish approval process with appropriate authoritive level to declassify information for sharing Deploy viable means to share confidential materials Communicate properly all staff with mandatory regular refresher programme Integrate information security undertaking in the employment term Impose discrepancy process for policy violation Enforce role based access profile per job function Review periodically for appropriate access rights 2. Do the staff: Have minimal access to information just per the job roles Forget to reclassify the information after approval has been granted Understand what has gone wrong It seems so many issues have been surfaced but this is the challenge and a matter of fact when all of us living in the digital world, not-to-mention unstructured information is everywhere beyond the organization cyber landscape. The bottom line relies on human rather than technologies to secure information mandated by policies (written directives). ...
Read More

United

By cliangNo Comments
Combat against cyber threats relies on everyone. Together, determined group of individuals will become strong. Then, what about cybersecurity practitioners. Do we still need them? Yes, they are still required in an organization but there should be a small team to prioritize cyber protections aligning with the business objectives. Cybersecurity is now integrated into every job function, executed and sustained properly for effective protection. This requires the entire work force to achieve. This is just like each work force member has to prepare report, spreadsheet, presentation materials all on its own. Clerical support in the old days have gone. This change is inevitable especially all business functions are now undergone digital transformation to stay competitiveness in the market. ...
Read More

Tunnel #3

By cliangNo Comments
See thru tunnel TLS is breakable. Similar post is here. This is normally done at the Internet gateway. Anything flowing thru the tunnel will be visible and web surfers don't even know. The major rationales for Deep Packet Inspection are: Organizations impose DLP (Data Leakage Protection) technology Certain regions control the contents Therefore, don't expect privacy even the padlock is displayed in the web browser bar. Either you exercise further content protection before passing out to cloud folder, use VPN or even going extreme using the Dark Web. ...
Read More

Integrity

By cliangNo Comments
Here, I am not talking about the fundamental of information security, the CIA aspects. Most often, we trust the policy enforcement is honestly executed. Imagine the parking ticket is issued to vehicle with time expired. How do we ensure this is done unbiased, i.e. the actual time is expired in the meter rather than issuing the parking ticket at wish? We are not yet coming to the point of technology failure (incorrect display, incorrect calculation etc.). Personal integrity is important and that's why human is the success factor in cyber security. I have seen incompetent cybersecurity practitioner raising subjective opinions or manipulate the situation based on a buggy policy without looking in the real situation nor listen to feedback. This is the most biggest risk to an organization. The risk is no longer due to hackers, human error, insecure configuration, lack of cyber maintenance and those typical FUD issues. Therefore, evaluating the competency of the...
Read More

ZTNA

By cliangNo Comments
Zero Trust Network Access (ZTNA) is suddenly becoming eye-catching in ICT. No doubt, this will enhance cybersecurity as untrusted by default. The theory is simple: going thru multiple policies (technical configuration settings) and authentication before gaining access to the designated network resources. The controls are applied on who (access roles), when (time of day), what (network resources), where (network location) & why (what type of transaction or business reason). In a nutshell, who to access what resources from where and when with legitimate reason (why). The pitfall is the "how" … how does the existing environment fit with this access model and not-to-mention the changes in user experience. A M2M (Machine to Machine) ZTNA might be applicable use case but this will definitely take a while to transform for access involving human. Even worst, some cybersecurity practitioners introduce this ZTNA model in the ICS environment to combat against cyber threats which are even just conceptual because the ICS environment has...
Read More