In order to support continuous operations, the following principles should be adopted as part of the security operations policies. Audit logging: Higher levels of assurance are required for protection, retention, and lifecycle management of audit logs, adhering to applicable legal, statutory, or regulatory compliance obligations. Audit logging also provides unique user access accountability that can…
Category: informationsecurity
Data Event Logging and Event Attributes
In order to be able to perform effective audits and investigations, the event log should contain as much of the relevant data as possible for the processes being examined. OWASP Proactive Controls v3.0, section C9, recommends the following when implementing security logging functions. For security logging implementation: Use a common logging format and approach within…
An Effective Information Security Continuous Monitoring (ISCM) Strategy
Continuous monitoring is a concept that has grown in importance during the transition to cloud computing. Information Security Continuous Monitoring (ISCM) is defined as “maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.” Resource: NIST SP 800-137, page vi http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-137.pdf The terms continuous and ongoing in this context mean…
NIST Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1
This Framework was released April 16, 2018 and focuses on using business drivers to guide cybersecurity activities and consider cybersecurity risks as part of the organization’s risk management processes. The Framework consists of three parts: Framework Core A set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. The…
Audit: Internal Information Security Management System
Previous article n series – Audit: Types of Audit Reports ISO/IEC 27001:2013 Domains Upon passing the audit process, an organization can have its information security management system (ISMS) certified by ISO/IEC 27001:2013. An ISMS will typically ensure that a structured, measured, and ongoing view of security is taken across an organization, allowing security impacts and…
Intrusion Kill Chain Framework by Lockheed Martin
The “intrusion kill chain” framework is an analytical tool introduced by Lockheed Martin security researchers in 2011. It is also sometimes referred to as the “Cyber Kill Chain”. It is an intelligence- driven, threat-focused approach to study intrusions from the adversaries’ perspective that could give network defenders the upper hand in fighting cyber attackers. So, what is…
Revisiting the Target breach of 2013
Between November 27 and December 18, 2013, the Target Corporation’s network was breached. 40 million credit and debit card numbers and 70 million records of personal information were stolen. The ordeal cost credit card unions over two hundred million dollars for just reissuing cards. Six months prior to the breach, Target deployed a well-known and…
Security Assessment: 7 questions to ask
With everything going on in the cybersecurity space, and a general push towards cloud adoption, security is on top of everyone’s mind. Here are some questions to ask your organization to identify security gaps – Incident Management – How well do we detect, accurately identify, handle, and recover from security incidents? Vulnerability Management – How well do…
“Trust me, I am a CISO”
As things around us rapidly unfold in the cybersecurity realm, many “experts” are sprouting out of the woodwork. How do we distinguish between the real deal and the phonies? Some questions to ask every “CISO” – How do you ensure security policies, procedures, baselines, standards, and guidelines are written to address the information security needs…
Weapons of Mass Disruption
Moonlight Maze In 1996, in the infancy of the Internet, someone was rummaging through military, research, and university networks primarily in the United States, stealing sensitive information on a massive scale. Victims included the Pentagon, NASA, and the Department of Energy, to name a very limited few. The scale of the theft was literally monumental,…