1. Endpoint Security
Endpoint security requires that each computing device on the network comply with certain standards before network access is granted.
Endpoints include laptops, desktop computers, smartphones and other communication devices, tablets, and specialized equipment such as bar code readers and point of sale (POS) terminals.
Endpoint security encompasses:
- Host-based firewalls, intrusion detection systems, and intrusion prevention systems
- Host-based anti-virus systems, anti-malware systems, anti-spyware systems, anti-rootkit systems, anti-phishing systems, pop-up blockers, spam detection systems, unified threat management systems
- SSL Virtual Private Networks
- Host Patch and Vulnerability Management
- Memory protection programs
- Control over memory devices, Bluetooth Security
- Password Management
- Security for Full Virtualization Technologies
- Media Sanitization
- Securing Radio Frequency Identification (RFID) Systems
2. Network Security
Network security relates to the cyber security aspects of computer networks and network-accessible resources.
Network Security encompasses:
- Secure authentication and identification of network users, hosts, applications, services and resources
- Network-based firewalls, intrusion detection systems, and intrusion prevention systems
- Network-based anti-virus systems, anti-malware systems, anti-spyware systems, anti-rootkit systems, unified threat management systems
- Network Patch and Vulnerability Management
- Virtual Private Networks
- Securing Wireless Networks
- Computer Security Log Management
- Enterprise Telework and Remote Access Security
- Securing WiMAX Wireless Communications
- Network Monitoring
- Network Policy Management
3. Application Security
Application security relates to the cyber security aspects of applications and the underlying systems.
Application attacks include:
- Input Validation attacks such as buffer overflow, cross-site scripting, SQL injection, canonicalization
- Authentication attacks such as network eavesdropping, brute force attacks, dictionary attacks, cookie replay, credential theft
- Authorization attacks such as elevation of privilege, the disclosure of confidential data, data tampering, luring attacks
- Configuration management attacks such as unauthorized access to administration interfaces / configuration stores, retrieval of clear text configuration data, lack of individual accountability, over-privileged process & service accounts
- Sensitive information attacks such as access to sensitive data in storage, network eavesdropping
- Session management attacks such as session hijacking, session replay, man in the middle
- Cryptography attacks due to poor key generation or key management and weak or custom encryption
- Parameter manipulation attacks e.g. query string manipulation, form field / cookie / HTTP header manipulation
- Exception management attacks such as denial of service
- Auditing and logging attacks
4. Cyber Incident Response
Incident Response relates to the plans, policies, and procedures for handling cyber security incidents.
Broadly speaking, Cyber Incident Response covers:
- Organizing an Incident Response Capability
- Preparing for and preventing Incidents
- Detection and analysis of Incidents
- Containment, Eradication, and Recovery
- Post Incident Activity
Specifically, Cyber Incident Response encompasses:
- Forensic Imaging & Cloning
- Recovering Digital Evidence in Computer Devices
- Mathematical Authentication of Digital Evidence
- Analyzing Data from Data Files, Operating Systems, Network Traffic, Applications, and Multiple Sources
- Analyzing Active Data, Latent Data, and Archival Data
- Wireless, Network, Database and Password forensics
- Social media forensics
- Malware, Memory and Browser forensics
- Cell Phone Forensics
- Web and Email investigation
- Analyzing Server Logs
5. Regulatory Compliance
Regulatory Compliance relates to measures undertaken to ensure compliance with applicable laws and mandatory cyber security standards.
Failure to meet regulatory compliance requirements can result in civil and criminal action and even imprisonment for organization heads.
Usage of consolidated and harmonized compliance controls ensures regulatory compliance without unnecessary duplication of effort and activity.
One such control system is the “Effective Compliance and Ethics Program” contained in Chapter 8B2.1 of the Federal Sentencing Guidelines Manual issued by the United States Sentencing Commission.
Another such control system is “AS 3806-2006” issued by Standards Australia. This provides guidance on:
- The principles of effective management of an organization’s compliance with its legal obligations, as well as any other relevant obligations such as industry and organizational standards
- The principles of good governance and accepted community and ethical norms.
6. Data Protection
Data Protection relates to the cyber security aspects of protecting the confidentiality, integrity, and availability of data.
From a Data Protection perspective, data can be classified into 3 types: data at rest, data in motion and data in use.
Critical and confidential data includes source code, product design documents, process documentation, internal price lists, financial documents, strategic planning documents, due diligence research for mergers and acquisitions, employee information, customer data such as credit card numbers, medical records, financial statements etc.
Data Loss Prevention solutions:
- Identify confidential data
- Track that data as it moves through and out of the enterprise
- Prevent unauthorized disclosure of data by creating and enforcing disclosure policies
Various encryption technologies such as symmetric encryption, public key encryption, and full disk encryption can be used for data protection.
A data protection policy involves:
- Instituting good security and privacy policies for collecting, using and storing sensitive information
- Using strong encryption for data storage
- Limiting access to sensitive data
- Safely purging old or outdated sensitive information
7. Cyber Security Training
Cyber Security Training is a formal process for educating personnel about cyber security and building relevant skills and competencies.
Cyber Security Training ensures that relevant personnel understand their cyber security responsibilities. This enables them to properly use and protect the information and resources entrusted to them.
Effective cyber security training must include:
- Real-world training on systems that emulate the live environment
- Continual training capability for routine training
- Timely exposure to new threat scenarios
- Exposure to updated scenarios reflecting the current threat environment
- Coverage of basic day-to-day practices required by the users
8. Cyber Security Testing
Cyber Security Testing is the process of ascertaining how effectively the entity meets specific cyber security objectives.
Cyber Security Testing encompasses:
- Review Techniques, which include Documentation Review, Log Review, Ruleset Review, System Configuration Review, Network Sniffing, and File Integrity Checking
- Target Identification and Analysis Techniques, which include Network Discovery, Network Port and Service Identification, Vulnerability Scanning, Active & Passive Wireless Scanning, Wireless Device Location Tracking, and Bluetooth Scanning
- Target Vulnerability Validation Techniques, which include Password Cracking, Penetration Testing, and Social Engineering
- Security Assessment Planning, which includes Developing a Security Assessment Policy, Prioritizing and Scheduling Assessments, Selecting and Customizing Techniques, Assessment Logistics, Assessor Selection and Skills, Location Selection, Technical Tools and Resources Selection, Assessment Plan Development and Legal Considerations
- Security Assessment Execution, which includes Coordination, Assessing, Analysis, Data Handling, Data Collection, Data Storage, Data Transmission and Data Destruction
- Post Testing Activities, which include Mitigation Recommendations, Reporting and Remediation/Mitigation
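The "Mathematical Authentication of Digital Evidence" listed under Section 4 and the "File Integrity Checking" listed under Section 8 rest on the same mechanism: a cryptographic digest recorded at acquisition time and re-computed later. The following Python example is added here and is not part of this overview; the file names and contents it creates are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_bytes(data: bytes, algorithm: str = "sha256") -> str:
    return hashlib.new(algorithm, data).hexdigest()


def hash_file(path: Path, algorithm: str = "sha256", chunk_size: int = 1 << 20) -> str:
    # Stream the file so a multi-gigabyte image is hashed without loading it into memory.
    h = hashlib.new(algorithm)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(paths, algorithms=("sha256", "sha1")) -> dict:
    # Baseline taken at acquisition: one digest per algorithm per file.
    return {str(p): {alg: hash_file(p, alg) for alg in algorithms} for p in paths}


def verify_manifest(manifest: dict) -> dict:
    # Re-hash each file and report "ok", "modified" or "missing" against the baseline.
    status = {}
    for name, digests in manifest.items():
        p = Path(name)
        if not p.is_file():
            status[name] = "missing"
            continue
        unchanged = all(hash_file(p, alg) == d for alg, d in digests.items())
        status[name] = "ok" if unchanged else "modified"
    return status


def demo() -> dict:
    # Constructed sample: a small stand-in for a disk image and a monitored config file.
    with tempfile.TemporaryDirectory() as d:
        image = Path(d) / "evidence.dd"
        image.write_bytes(b"\x00" * 4096 + b"constructed-image-marker" + b"\xff" * 4096)
        config = Path(d) / "sshd_config"
        config.write_text("PermitRootLogin no\n")
        manifest = build_manifest([image, config])
        before = verify_manifest(manifest)
        config.write_text("PermitRootLogin yes\n")  # simulated post-baseline change
        image.unlink()                              # simulated loss of the image
        after = verify_manifest(manifest)
        return {"config_before": before[str(config)], "image_before": before[str(image)],
                "config_after": after[str(config)], "image_after": after[str(image)]}
```

Two independent digests are recorded because a single hash value establishes integrity only as long as its algorithm is not collision-prone; the baseline manifest itself must be stored where the examined system cannot alter it.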
9. Contingency Planning
Contingency planning revolves around preparing for unexpected and potentially unfavorable events that are likely to have an adverse impact.
Types of Contingency Plans are:
- Business Continuity Plan
- Continuity of Operations Plan
- Crisis Communications Plan
- Critical Infrastructure Protection Plan
- Cyber Incident Response Plan
- Disaster Recovery Plan
- Information System Contingency Plan
- Occupant Emergency Plan
Stages in the Information System Contingency Planning Process are:
- Developing the Contingency Planning Policy Statement
- Conducting the Business Impact Analysis
- Identifying Preventive Controls
- Creating Contingency Strategies
- Plan Testing, Training, and Exercises
- Plan Maintenance