The Basics
Terminology
Frameworks
A set of standards that cybersecurity practitioners can refer to when defining and integrating cybersecurity practices in their organization. The most common frameworks:
- NIST Cybersecurity Framework - Standard used mostly in the US or by organizations doing business in the US
- ISO 27001 and 27002 - Standard used in Malaysia
- SOC2 for Service Organizations - Standard on controls for service organizations.
- GDPR - Standard used in EU
Ransomware
A form of malware that encrypts your files and holds your data hostage. Currently the most rampant threat, and one that definitely needs to be addressed in every organization.
Phishing
The most common method of obtaining sensitive information and gaining access. Mostly sent through handcrafted emails that trick people into treating them as legitimate.
BYOD
Bring Your Own Device. Refers to a policy that allows people to connect to the company's resources using their personal devices. It comes with pros and cons but is generally the preferred choice for low-budget organizations.
Cybersecurity Policy
A set of documents that dictate how devices should behave when accessing company resources. It shows the organization's commitment to secure cyber practices and reduces the attack surface.
Threat Intelligence
A collection of data that gives insight into threat actors' motives, targets and attack behaviors. It allows for proactive measures against threat actors.
CIA Triad
Stands for Confidentiality, Integrity and Availability. The aim of cybersecurity is to uphold this triad, creating a robust system with minimal attack vectors.
For this doc, I would like to introduce the NIST Cybersecurity Framework. In my opinion, it is the easiest to understand and implement if an organization would like to start developing a cybersecurity program.
NIST Cybersecurity Framework Core
Identify
From the NIST documentation, it is to develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
This exercise brings more visibility into and understanding of the assets and documentation associated with the organization. Only once we know what we have can we start to protect it.
Protect
This exercise aims to develop appropriate measures to ensure the delivery of critical services and uphold the CIA Triad.
Activities involved in this exercise include awareness training, antivirus, firewall rules, email filtering and multifactor authentication.
Detect
To develop and implement methods to identify the occurrence of cybersecurity events. This is usually served at the organizational level, and activities in this exercise include threat hunting, intrusion detection systems, SIEM and network behavior analysis.
Respond
To create and apply appropriate activities regarding a detected cybersecurity incident. This exercise helps in creating an incident response plan should the incident be severe. Some intrusion prevention systems are now capable of responding to known threats and vulnerabilities.
Responding to threat intelligence is also important in cases where a zero-day vulnerability is found. This includes applying a temporary fix, mitigation or alternative before the vulnerability is patched.
Recover
From the NIST documentation, it is to develop and implement appropriate activities to maintain plans for resilience and to restore services that were impaired due to an incident.
This exercise aims to create measures against downtime with things like backup and disaster recovery, a business continuity plan or, in the worst case, cyber insurance.