Professional Documents
Culture Documents
Unit 2 Cyber Security RMVD
Unit 2 Cyber Security RMVD
People Management
• The Information Security Forum’s (ISF’s) Standard of Good Practice for Information
Security (SGP) uses the term people management to refer to all aspects of security
related to the behavior of employees and others who have access to the
organization’s information and systems.
• As many security experts have pointed out, superb technical solutions for ensuring
security are bound to fail if employees do not understand their security
responsibilities and are trained and motivated to fulfill those responsibilities.
1)SecurityintheHiringProcess
✓ ISO 27002, Code of Practice for Information Security Controls, lists the
followingsecurityobjective of the hiring process: to ensure that employees
and contractors
understand their responsibilities and are suitable for the
roles for which theyconsidered.
are
o Background Checksand Screening
o Employment Agreements
o JobDescriptions
Security
-Related Tasks by Job Description
2) During Employment ✓ ISO 27002 lists the following security objective with respect
to current employees: to ensure that employees and contractors are aware of and fulfill
their information security responsibilities.
o Least privilege o Separation of
duties o Limited reliance on key employees o
Dual operator policy
3) Termination of Employment
✓ ISO 27002 lists the following security objective with respect to termination of
employment: to protect the organization’s interests as part of the process of
changing or terminating employment.
MC4205 CYBER SECURITY
1. Security Awareness
✓ All employees have security responsibilities; all employees must have
suitable awareness training. Awareness seeks to focus an individual’s
attention on an issue or a set of issues
o security culture
o negligent behavior
✓ A Role-Based Model for Federal Information Technology/Cyber security
Training. SP 800-50, Building an Information Technology Security Awareness
and Training Program.
o security awareness
o accidental behavior o malicious behavior o
change management
• Change management is designed to minimize resistance to organizational
change through involvement of key players and stakeholders.
• Plan, assess, and design
• Execute and manage
• Evaluate and adjust
MC4205 CYBER SECURITY
INFORMATION MANAGEMENT
2. Information Labeling
✓ A label needs to be associated with each instance of an information type
so that its classification is clearly and unambiguously known.
✓ Methods are needed to ensure that a label is not separated from the
information and that the content of the label is secure from unauthorized
modification.
✓ The automated tools should facilitate integration with other security tools,
such as encryption and digital signature modules and data loss prevention
(DLP) packages.
✓ A set of technologies and inspection techniques used to classify information
content contained within an object—such as a file, an email, a packet, an
application, or a data store—while at rest (in storage), in use (during an
operation), or in transit (across a network).
MC4205 CYBER SECURITY
PRIVACY
✓ The term privacy usually refers to making ostensibly private information about an
individual unavailable to parties who should not have that
information.
✓ Privacy interests attach to the gathering, control, protection, and use of
information about individual.
✓ Examples
o Personal identification number (PIN), such as Social Security number
(SSN), passport number, driver’s license number,
identification number, patient identification number, or financial
account or credit card number
o Telephone numbers, including mobile, business, and personal numbers
1. Privacy Threats
✓ To understand the requirements for privacy, the threats must
first be Identified taxpayer
MC4205 CYBER SECURITY
ISO 29100
✓ ISO 29100, Privacy Framework, lists the following 11 privacy principles that form
the bases of this international standard
2. Privacy Controls
✓ To counter privacy threats and comply with government laws and regulations,
organizations need a set privacy controls that encompass their privacy
requirements and that respond to legal requirements – Authority and
purpose:
– Accountability, audit, and risk management
– Data quality and integrity
– Data minimization and retention: – Individual participation and redress –
Security:
– Transparency
– Use limitation
2. Records Management
✓ Records management is a vital business function that requires stronger
security measures than those for document management.
MC4205 CYBER SECURITY
OFFICE EQUIPMENT
o Clear
o Purge
✓ Self-Encrypting Drive (SED)
o A hard drive with a circuit built into the disk drive controller chip
that encrypts all data to the magnetic media and decrypts all the
data from the media automatically.
✓ The human interface also displays process status information and historical
information. Remote diagnostics and maintenance: Diagnostics and
maintenance utilities are used to prevent, identify, and recover from abnormal
operation or failures.
IT Systems ICSs
Response must be consistent Response is time-critical.
Responses such as rebooting are Responses such as rebooting may not be acceptable
acceptable because of process availability
requirements
Manage data. Control physical world
Systems are specified with enough Systems are designed to support the resources to
support the addition of intended industrial process and may not third- party applications
such as security have enough memory and computing
solutions resources to support the addition of
security capabilities.
Standard communications protocols are Many proprietary and standard used.
communication protocols are used
Component lifetime is on the order of 3 Component lifetime is on the order of 10 to 5 years
to 15 years.
ICS Security
✓ The Department of Homeland Security’s (DHS’s) Recommended Practice:
Improving Industrial Control System Cyber security with Defense-in-
Depth Strategies.
✓
IT Systems ICSs
Easily deployed and updated Ability to protect legacy systems with aftermarket
solutions
Multiple vendors Usually the same vendor over time
Modern methods Modern methods possibly inappropriate
Regular and scheduled Strategic scheduling
MC4205 CYBER SECURITY
Attack surface
Firmware: The firmware necessary to boot the mobile operating system (that is, boot
loader) may verify additional device initialization code, device drivers used for
peripherals, and portions of the mobile operating system— all before a user can use the
device. I
MC4205 CYBER SECURITY
Mobile operating system : The most common operating systems for mobile
devices are Android and iOS. An operating system includes a sandbox facility for
isolating third -party applications in some manner to prevent unexpected or
unwanted interaction between the system, its ap plications, and applications’
respective data (including user data).
Application: The application layer includes third -party applications, various
apps and services provided by the mobile device vendor, and facilities for
defining permissions
1. Mobile Ecosystem
✓ The execution of mobile applications on a mobile device may involve
communication across a number of networks and interaction with a number
of systems owned and operated by a variety of parties.
✓ This ecosystem makes the achievement of effective security challenging.
o Cellular and Wi-Fi infrastructure:
o Public application stores o Private
application stores o Device and OS vendor
infrastructure:
MC4205 CYBER SECURITY
2. Vulnerabilities
✓ Mobile devices need additional specialized protection measures beyond those
implemented for other client devices, such as desktop and laptop devices that
are used only within the organization’s facilities and on the organization’s
networks.
– Lack of Physical Security Controls
– Use of Untrusted Mobile Devices
– Use of Untrusted Networks
– Use of Applications Created by Unknown Parties
– Use of Untrusted Content
– Use of Location Services
3. Mobile Device Security Strategy
✓ The recent DHS report Study on Mobile Device Security groups security threats
and defenses into five primary components of the mobile ecosystem and their
associated attack surface: the mobile device technology stack, mobile
applications, mobile network protocols and services, physical access to the
device, and enterprise mobile infrastructure.
– Rooting
– Side loading
System Development
The system development life cycle (SDLC) is the overall process of developing,
implementing, and retiring information systems. Various SDLC models have
been developed to guide the processes involved, and some methods work
better than others for specific types of projects.
2. Development/Acquisition Phase
✓ The relationships among six key security-related activities that comprise the
development/acquisition phase.
MC4205
✓ A key security activity in this phase is conducting a risk assessment and using the
results to supplement the baseline security controls.
3. Implementation/Assessment Phase
✓ The relationship among four key security-related activities that comprise the
implementation/assessment phase.
MC4205
5. Disposal Phase
✓ The disposal phase is the process of preserving (if applicable) and discarding
system information, hardware, and software. During this phase, information,
hardware, and software are moved to another system, archived, discarded, or
destroyed.
✓ The disposal phase involves the following control gates:
MC4205
DISASTER MANAGEMENT
Example
MC4205
security incidents.
• Incident response planning contains specific directions for specific attack
scenarios, avoiding further damages, reducing recovery time and mitigating
cyber security risk.
• Incident response procedures focus on planning for security breaches and how
organizations will recover from them.
MC4205
• Types of malware
• Man-in-the-middle attacks
• Social engineering
• Data breaches
• Data leaks
• Email spoofing
• Domain hijacking
• Denial of service (DoS)
• There are tools and industry standards that can be helpful to incident
response teams.
• Tools can be split into three categories:
• Prevention
• Detection
• Response
(CSIRT) who is responsible for analyzing, categorizing and responding to
• There are two frameworks that have become industry standard, the NIST
Incident Response Process and the SANS Incident Response Process.
• The NIST Incident Response Process is four steps:
• Preparation
• Detection and analysis
• Containment, eradication and recovery
• Post-incident activity
• The SANS Incident Response Process is six:
MC4205
• Preparation
• Identification
• Containment
• Eradication
• Recovery
• Lessons learned