Introduction.
Each year brings more and more of software and devices connected to the Internet. As more of such are connected, system vulnerabilities increase in numbers as well.
There's deficit in numbers of cybersecurity professionals (in Poland alone, there's need for over 15 000 cybersecurity experts), and it seems that this deficit will increase in numbers as years pass.
Red Team vs. Blue Team.
'Red Team Hackers', 'Ethical Hackers', also called: 'Pentesters' focus on finding vulnerabilities in organization's systems, then report and help Blue Team to 'patch the holes'.
Blue Team are Administrators who are installing, configuring, and monitoring antivirus software, intrusion detection systems, and other protective mechanisms on these devices.
This article concerns more about theory and is mostly of interrest for future Blue Team members. It touches only basics, however. Blue Team aspirants should deepen the knowledge using other means as well.
Red Team members are meant to cooperate & communicate with Blue Team, hence why this article should be useful for them as well.
CIA Triad.
C - Confidentiality
- Ensuring that informations are available only for authorized personnel
I - Integrity
- Protecting data from unauthorized modification or deletion
A - Availability
- Ensuring that informations are available for authorized personnel
Methods for Ensuring Confidentiality:
- Security Policy (Categorizing Data as either Confidential or Public,
and ensuring that only authorized personnel has access to Confidential Data)
- Encryption
- Access Control (Physical and Multifactored Access Control)
Securing a device often comes at the cost of convenience of use. Protected laptop computer, for example, should be still useful and use-conveniet for authorized personnel. So, in practice, security means should not be too excessive. We should not request, for example, 128-characters-long random passwords from users.
Meaning of Integrity:
- Data should be protected from unauthorized modification
- Example attacks on Data Integrity:
- Modifying company's payments lists
- Modifying company's webpage conent files
- Might lead to disastrous consequences for a company
Meaning of Availability & Methods for Ensuring Availability:
- Ensuring continuity of work of systems and applications
- Redundancy (extra resources for case of malfunctions)
- Keeping backups (for swift restoration of data and systems in case of malfunction)
Examples & Solutions for Availability Violations:
- DDoS attacks (Resources Overload might cause troubles in accessibility)
- Viral Marketing (Sudden increase in Web Traffic might lead to overloading of
server resources)
- Solutions:
- Scalability
- Load Balancing
- Firewalls
- Monitoring
Additional characteristics of CIA model:
- Authentication & Authorization (verifying user's identity and privileges)
- Non-repudiation (provides proof of the origin, authenticity and integrity of data.
It provides assurance to the sender that its message was delivered, as well as proof
of the sender's identity to the recipient)
This way, neither party can deny that a message was sent, received and processed)
- Robustness (ability of a computer system to cope with errors during execution
and cope with erroneous input)
- Compliance (fulfilling legal and regulatory requirements)
- Privacy (protecting user privacy and personal data)
Cybersecurity as Process - CSF2.0
Overview:
- Cybersecurity should be treated as continuous process, not as single, one-time,
100% complete solution
- Every day new attacks & hacking techniques appear. Hacking tools are under constant
development, with time more advanced and more sophisticated hacking tools appear
- There's need for constant updating of security strategies
- Organizations keep deploying new technological solutions. New technologies might
introduce new vulnerabilities, new security holes
Being ready for incidents:
- Preparation (developing incident reaction plans)
- Detection (swift identification of potential threats)
- Reaction (immediate reaction to appearing incidents)
Process approach to cybersecurity can ensure readiness for action at any moment.
Process approach to cybersecurity can make compliance with legal and industry requirements easier.
Process approach in practice:
- Planning (developing strategies and objectives of cybersecurity)
- Deployment (implementing planned actions & controls)
- Assesment (efficiency analysis of deployed solutions)
- Perfection (constant refinement of security practices)
- Continuity & cyclicity (keep repeating above solutions in cycles)
Elasticity & Adaptation:
- Fast adaptation to appearing threats
- Adaptation to changing technologies & IT architecture
- Adaptation to changing business requirments, to changing organization needs
Integration with business processes (cybersecurity should not be treated as a
separate concern, should a part of business processes):
- Risk Management (integrating cybersecurity with overall risk management)
- Products Development (take cybersecurity into consideration with products'
lifecycles)
- Customer Service (integrating cybersecurity with customer support practices)
Cyber Security Framework 2.0 (CSF2.0):
- Created & Developed by NIST (National Institute of Standards & Technology in USA)
- Objective: helps with Risk Management in Cybersecurity
- Universality: can be tailored for small or large companies & organizations
CSF Elasticity:
- Elastic: CSF is an elastic tool, not stiff regulation or standard
- Adjustment: can be tailored for specific organization needs
- Pointers: generic approach, with possibility of custom implementation
CSF2.0 Components:
- Core (center of framework, with key functionalities)
- Profile (description of current and target cybersecurity approach)
- Tiers (characteristics of rigors of actions related with risk management)
CSF2.0 Core:
- Describes strategy of Risk Management in organization
- 'Surrounds' and manages five other CSF2.0 components
- Includes determining roles & responsibilites, who is responsible for what
- Manages supply chain(s)
- Sets policies related with cybersecurity
Identify (understanding of what we want to protect):
- Understanding (increasing understanding of current risks in cybersecurity)
- Resources Management (identification & management of organization's resources)
- Risk Assesment (analysis & evaluation of potential threats)
Protect:
- Security Tools (deploying proper security tools for risk management)
- Access Control (managing authentication & authorization, and raising
users' cybersecurity awareness)
- Data Security (protecting organization's sensitive informations)
Detect:
- Monitoring (constant monitoring of systems and networks)
- Analysis (analysis of incidents & anomalies in realtime)
- Alerts (generating alerts of potential security incidents)
Respond:
- Reaction Plan (preparation and deployment of incidents reaction plans)
- Incident Analysis (detailed analysis of detected cybersecurity incident)
- Softening Effects (actions meant for minimizing effects of security incident)
- also: Reporting & Communication
Recover:
- Recovery Plan (executing plan meant for restoring normal functioning)
- Communication (informing interrested parties about recovery processes)
- Post-Incident Analysis (drawing conclusions & refining processes)
CSF2.0 Profiles:
- Current Profile (description of current organization's cybersecurity state)
- Target Profile (description of desired cybersecurity state to achieve)
CSF2.0 Tiers:
Organization should consider how dangerous which risks are, resources available, and possibility of certain solution deployments.
Choice of Tiers for risks depends on organization. Not always higher tiers mean better security. Organization should choose which tiers to assign for what risks, depending on organization's resources and current needs.
Integrating CSF2.0 with overall risk management:
- Balance (treating cybersecurity risks as equal with other risks)
- Integration (including cybersecurity in overall risk management)
- Development (constant development of risk management processes)
Vulnerabilities and Metrics - CVSS.
/ to be done /.
Threat and Threats Modelling.
/ to be done /.
Risk Management.
/ to be done /.
Risk Metrics.
/ to be done /.
Attack & Incident Reaction Plans.
/ to be done /.
Who is Attacker & Attack Types.
/ to be done /.
