Cybersecurity-Learning-Areas

Cyber Security Areas

Data Loss Prevention: Data Loss Prevention (DLP) is a process used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users. Many organisations use standard processes and tools to avoid such data loss breaches. DLP software classifies regulated, confidential, and business-critical data and identifies violations of policies within the organization. Once those violations are identified, DLP enforces remediation with alerts, encryption, and other protective actions to prevent end users from accidentally or maliciously sharing data that could put the organization at risk. Data loss prevention addresses three main objectives that are common pain points for many organizations: personal information protection and compliance, intellectual property (IP) protection, and data visibility. McAfee is the most widely used DLP software worldwide.

https://digitalguardian.com/blog/what-data-loss-prevention-dlp-definition-data-loss-prevention
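The classify-then-remediate flow described above, as an added example written for this page (not code from the repository or any DLP vendor). The rules, the three data classes, the action names, and the sample messages are all constructed; the Luhn check shows why a validator is added on top of a pattern to cut false positives.

```python
"""Toy DLP pipeline: classify content, detect policy violations, apply remediation.
Constructed rules and sample messages; not any product's logic."""
import re


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: a 16-digit run that fails it is not a card number."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:  # double every second digit, counted from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# (data class, pattern, validator, remediation action) -- constructed policy
RULES = [
    ("PCI-PAN", re.compile(r"\b\d{16}\b"), luhn_valid, "block"),
    ("PII-SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), lambda s: True, "redact"),
    ("INTERNAL", re.compile(r"\bCONFIDENTIAL\b"), lambda s: True, "alert"),
]
SEVERITY = {"alert": 1, "redact": 2, "block": 3}


def classify(text: str) -> list:
    """Return (class, matched value, action) for every validated policy hit."""
    findings = []
    for cls, pattern, validate, action in RULES:
        for m in pattern.finditer(text):
            if validate(m.group()):
                findings.append((cls, m.group(), action))
    return findings


def enforce(text: str) -> dict:
    """Apply the most severe action among the findings; 'allow' when clean."""
    findings = classify(text)
    if not findings:
        return {"action": "allow", "text": text, "findings": []}
    action = max((f[2] for f in findings), key=SEVERITY.get)
    out = text
    if action == "block":
        out = None  # message is stopped; nothing leaves the organization
    elif action == "redact":
        for _, value, act in findings:
            if act == "redact":
                out = out.replace(value, "[REDACTED]")
    return {"action": action, "text": out, "findings": findings}


# Constructed outbound messages
SAMPLES = {
    "card": "Invoice attached, card 4111111111111111 expires 12/26",
    "ssn": "Employee record 123-45-6789 for onboarding",
    "marker": "Please review the CONFIDENTIAL roadmap before Friday",
    "order": "Order ref 4111111111111112 shipped today",  # fails Luhn: not a PAN
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, "->", enforce(msg)["action"])
```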

Penetration Testing: A penetration test is an authorized, simulated cyber attack against a computer system to uncover vulnerabilities in application systems, APIs, and front-end/back-end servers. It is commonly used to augment a web application firewall (WAF). It is performed to identify weaknesses, including the potential for unauthorized parties to gain access to the system's data and features. Penetration test reports may also assess potential impacts to the organization and suggest countermeasures to reduce the risk. The penetration testing process is divided into five stages: planning and reconnaissance, scanning, gaining access, maintaining access, and analysis and WAF configuration.

https://www.imperva.com/learn/application-security/penetration-testing/
https://en.wikipedia.org/wiki/Penetration_test

Secure DevOps: DevOps integrates software development and IT operations to increase operational efficiency and delivery speed. The process brings risks and cultural changes that can affect the entire pipeline and create new security challenges, such as privileged access management and insecure coding practices. Secure software practices focus on providing reliable software with a reduced attack surface. Such a process lets developers worry less about being hacked and focus more on preventing attacks and quickly recovering from cyber incidents within the CI/CD pipeline.

Secure Software Development: Secure software development is the practice of building security into software as it is developed. Security is most effective when planned and managed throughout the stages of the software development life cycle (SDLC). Integrating security into the SDLC ensures that sensitive and critical data is handled without loss. Applications, systems, and networks are constantly under various security attacks, such as malicious code or denial of service. Some of the challenges from the application development security point of view include viruses, Trojan horses, logic bombs, worms, agents, and applets. The core activities essential to the software development process to produce secure applications and systems include conceptual definition, functional requirements, control specification, design review, code review and walk-through, system test review, and maintenance and change management. Development of secure software is the responsibility of all stakeholders, including management, project managers, business analysts, quality assurance managers, technical architects, security specialists, application owners, developers, and testers.

https://en.wikipedia.org/wiki/Software_development_security

Identity and Access Management: Identity and Access Management (IAM) is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources [1]. With an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations [2]. IAM falls under IT security and data management. IdM/IAM covers issues such as how users gain an identity, the roles and, sometimes, the permissions that identity grants, the protection of that identity, and the technologies supporting that protection (e.g., network protocols, digital certificates, passwords) [1]. IAM ensures that users are authenticated before accessing sensitive data and that they perform only the actions they are authorized to perform. Systems used for IAM include single sign-on systems, two-factor authentication, multifactor authentication, and privileged access management. These technologies also provide the ability to securely store identity and profile data, as well as data governance functions to ensure that only data that is necessary and relevant is shared [2].

https://en.wikipedia.org/wiki/Identity_management
https://searchsecurity.techtarget.com/definition/identity-access-management-IAM-system

Governance, Risk and Compliance: GRC is an integrated, holistic approach to organization-wide governance, risk, and compliance that ensures an organization acts ethically and in accordance with its risk appetite, internal policies, and external regulations, through the alignment of strategy, processes, technology, and people, thereby improving efficiency and effectiveness [1]. Successful implementations of single integrated GRC software packages enable organizations to manage risk, reduce the costs incurred by multiple installations, and minimize complexity for managers [2]. In GRC, governance is needed for setting direction, monitoring performance and control, and evaluating outcomes. Risk management ensures that the organization identifies, analyses, and controls risks that can derail the achievement of strategic objectives. Compliance ensures that, depending on the context, the organization takes measures and implements controls to assure that compliance requirements are met consistently [3]. Many organizations worldwide have adopted GRC software to implement and manage enterprise GRC programs.

https://link.springer.com/chapter/10.1007/978-3-642-21640-4_16
https://link.springer.com/article/10.1007/s10796-015-9572-3
https://www.bmc.com/blogs/grc-governance-risk-compliance/

Incident Response and Forensic Analysis: In the enterprise, digital investigations are often associated with incident response, the detection and investigation of system compromises and targeted attacks. A distributed forensic investigation platform serves to increase digital readiness by lowering the investigative cost and increasing the quality of digital evidence obtainable [1]. Organizations worldwide are adopting automated live response mechanisms instead of the traditional approach, in which live response is a critical part of the investigative process used to capture and document volatile system state prior to hard disk imaging. Triaging is another mechanism used to reduce the time required to image systems. Many enterprise management tools give the investigator complete access to the underlying filesystem and memory, which can pose a serious threat to personally identifiable information. Therefore, with tighter privacy regulations, routine investigation tasks such as malware infections must be delegated quickly to a large number of operators, while sensitive investigations that might require access to private information must be legally managed within a small number of operators.

https://www.sciencedirect.com/science/article/pii/S1742287611000363

Big Data & Application Security: Big data is used in various cybersecurity applications. For example, in Security Information and Event Management (SIEM) systems, non-relational (NoSQL) databases are used to store logs, messages, and security events. The practical significance of big data technologies lies in the ability to detect primary and secondary signs of the preparation and conduct of computer attacks, to detect abnormal behaviour of monitored objects and subjects, to classify previously unknown mass and group cyber attacks (including new DDoS and APT campaigns), to detect the traces of computer crimes, and so on; that is, in all cases where traditional means of information protection (SIEM, IDS/IPS, systems for protection against unauthorized access to information, cryptographic information protection facilities, antivirus, etc.) are not very effective [1]. Cybercrime and attacks can cause devastating financial losses and affect organizations and individuals alike. It is estimated that a data breach costs 8.19 million USD in the United States and 3.9 million USD on average, and that the annual cost to the global economy from cybercrime is 400 billion USD [2]. The ultimate goal of cybersecurity data science is data-driven, intelligent decision making from security data for smart cybersecurity solutions [2].

http://ceur-ws.org/Vol-2081/paper22.pdf
https://link.springer.com/article/10.1186/s40537-020-00318-5

Cryptography: Cryptography is the study of secure communication techniques that allow only the sender and intended recipient of a message to view its contents. The term is derived from the Greek word kryptos, which means hidden. Also known as encryption, cryptography is a security domain that focuses on maintaining data integrity, confidentiality, and authenticity. In practice, cryptography means using different techniques to disguise information so that it can only be revealed to authorized users, while those without access to the encrypted material perceive the data as unreadable or unrecognizable. When transmitting electronic data, the most common use of cryptography is to encrypt and decrypt email and other plain-text messages. The simplest method uses the symmetric or "secret key" system. Here, data is encrypted using a secret key, and then both the encoded message and the secret key are sent to the recipient for decryption. The problem? If the message is intercepted, a third party has everything they need to decrypt and read the message. To address this issue, cryptologists devised the asymmetric or "public key" system. In this case, every user has two keys: one public and one private. Senders request the public key of their intended recipient, encrypt the message, and send it along. When the message arrives, only the recipient's private key will decode it, so theft of the message is of no use without the corresponding private key.

https://www.kaspersky.com/resource-center/definitions/what-is-cryptography
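The two key systems contrasted above, as an added example written for this page (not code from the repository or the cited article). The secret-key cipher is a toy XOR stream and the public-key scheme is textbook RSA with tiny, hand-picked primes (61 and 53); both are for illustration only and are not secure, but they show exactly why shipping the key with the message loses and why the public key alone does not recover the plaintext.

```python
"""Secret-key vs public-key messaging, toy sizes. Constructed for illustration;
XOR stream and textbook RSA with 2-digit primes are NOT real cryptography."""
from math import gcd


def symmetric_encrypt(message: bytes, key: bytes) -> bytes:
    """Secret-key system: the same key encrypts and decrypts (toy XOR stream)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(message))


def symmetric_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return symmetric_encrypt(ciphertext, key)  # XOR is its own inverse


def rsa_keypair(p: int, q: int, e: int = 17):
    """Textbook RSA key generation from caller-supplied primes.
    Returns ((n, e), (n, d)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_apply(value: int, key) -> int:
    n, exponent = key
    return pow(value, exponent, n)


def public_key_encrypt(message: bytes, public_key) -> list:
    """Encrypt byte by byte with the recipient's public key (toy: no padding)."""
    n, _ = public_key
    if any(b >= n for b in message):
        raise ValueError("message byte too large for this modulus")
    return [rsa_apply(b, public_key) for b in message]


def rsa_decrypt(ciphertext: list, key) -> list:
    """Apply a key to each ciphertext block; only the private key yields plaintext."""
    return [rsa_apply(c, key) for c in ciphertext]


def demo(message: bytes = b"meet at noon"):
    """Returns (interceptor reads symmetric msg, recipient reads RSA msg,
    interceptor with public key only reads RSA msg)."""
    # Secret-key system: sender must ship the key alongside the ciphertext.
    key = b"\x5a\xa3\x17"  # constructed secret key
    ct = symmetric_encrypt(message, key)
    intercepted_ct, intercepted_key = ct, key  # attacker sees both in transit
    symmetric_leak = symmetric_decrypt(intercepted_ct, intercepted_key) == message

    # Public-key system: recipient publishes (n, e) and keeps (n, d) private.
    public_key, private_key = rsa_keypair(61, 53)
    ct2 = public_key_encrypt(message, public_key)
    recipient_reads = rsa_decrypt(ct2, private_key) == list(message)
    # Interceptor holds the ciphertext and the public key, but not d.
    attacker_reads = rsa_decrypt(ct2, public_key) == list(message)
    return symmetric_leak, recipient_reads, attacker_reads


if __name__ == "__main__":
    print(demo())
```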

Application Security: Application security is the process of developing, adding, and testing security features within applications to prevent security vulnerabilities against threats such as unauthorized access and modification. Application security describes security measures at the application level that aim to prevent data or code within the app from being stolen or hijacked. It encompasses the security considerations that happen during application development and design, but it also involves systems and approaches to protect apps after they are deployed. Application security may include hardware, software, and procedures that identify or minimize security vulnerabilities. A router that prevents anyone from viewing a computer's IP address from the Internet is a form of hardware application security. But security measures at the application level are also typically built into the software, such as an application firewall that strictly defines which activities are allowed and prohibited. Procedures can entail things like an application security routine that includes protocols such as regular testing.

https://www.vmware.com/topics/glossary/content/application-security

Information Security Governance and Risk Management: The Information Security Governance and Risk Management domain entails the identification of an organization's information assets and the development, documentation, implementation, and updating of policies, standards, procedures, and guidelines that ensure confidentiality, integrity, and availability. Management tools such as data classification, risk assessment, and risk analysis are used to identify threats, classify assets, and rate their vulnerabilities so that effective security measures and controls can be implemented. The candidate is expected to understand the planning, organization, roles, and responsibilities of individuals in identifying and securing an organization's information assets; the development and use of policies stating management's views and position on particular topics and the use of guidelines, standards, and procedures to support the policies; security training to make employees aware of the importance of information security, its significance, and the specific security-related requirements relative to their position; the importance of confidentiality, proprietary, and private information; third-party management and service-level agreements related to information security; employment agreements, employee hiring and termination practices; and risk management practices and tools to identify, rate, and reduce the risk to specific resources. The GRC team typically audits the work of all other domains and ensures that they operate in compliance with the security standards, frameworks, and protocols. These specialists also assess risks, identify key security concepts and concerns, and define policies and procedures.

https://www.oreilly.com/library/view/cissp-for-dummies/9781118417102/a4_06_9781118362396-ch02.html

Security Architecture and Design: Security architecture and design looks at how information security controls and safeguards are implemented in IT systems in order to protect the confidentiality, integrity, and availability of the data that are used, processed, and stored in those systems. A security architect is the specialist who defines the vulnerabilities of each information system platform, such as servers, storage area networks, routers, and firewalls, and creates specialized security protocols for each of them. In essence, this domain of cybersecurity operates as the brain behind the defense infrastructure and should anticipate any potential threat.

https://library.educause.edu/topics/cybersecurity/security-architecture-and-design

Critical Infrastructure Security: This type of cybersecurity ensures that the digital infrastructure of our vital public systems remains preserved and protected from any form of malicious misuse. Put simply, critical infrastructure security entails keeping cyberattacks away from our hospitals, traffic systems, electricity grid, and so on. CISA works with businesses, communities, and government partners at all levels to provide training and other tools and resources related to critical infrastructure security. Efforts focus on raising awareness among the broader community of the need for critical infrastructure security and resilience and on enhancing their current efforts. Public-private partnerships are vital to this effort, as everyone has a role in securing the nation's critical infrastructure. CISA delivers its infrastructure security services and capabilities to public and private sector stakeholders at the national level through its headquarters and nationwide through its 10 regions.

Internet of Things (IoT) Security: Security in IoT is the act of securing Internet of Things devices and the networks they are connected to. In the business setting, IoT devices include industrial machines, smart energy grids, building automation, plus whatever personal IoT devices employees bring to work. This range of devices can pose security risks that threaten your business. Internet of Things security is concerned with securing all the devices connected to the internet, and we are approaching a moment when these would simply be called our "stuff." From security cameras to the smallest home appliances, everything is networked. Consequently, nearly everything can and should be clear of vulnerabilities and protected from potential cyber intrusions. To provide protection in the age of IoT, network operators need to have the tools and skills to:

• See and profile every device on the network, to understand what IoT devices are being deployed
• Control access to the network, both connecting to the network and determining where devices can access
• Monitor the devices on the network to ensure that they are not compromised, and take automatic and immediate action if they are

Operational Security: Operational security (OPSEC) is a security and risk management process that prevents sensitive information from getting into the wrong hands. Another OPSEC meaning is a process that identifies seemingly innocuous actions that could inadvertently reveal critical or sensitive data to a cyber criminal. OPSEC is both a process and a strategy, and it encourages IT and security managers to view their operations and systems from the perspective of a potential attacker. It includes analytical activities and processes like behaviour monitoring, social media monitoring, and security best practice. OPSEC first came about through a U.S. military team called Purple Dragon in the Vietnam War. The counterintelligence team realized that its adversaries could anticipate the U.S.'s strategies and tactics without managing to decrypt their communications or having intelligence assets to steal their data. They concluded that the U.S. military forces were actually revealing information to their enemy. Purple Dragon coined the first OPSEC definition: "The ability to keep knowledge of our strengths and weaknesses away from hostile forces." A crucial piece of OPSEC is the use of risk management to discover potential threats and vulnerabilities in organizations' processes, the way they operate, and the software and hardware their employees use. Looking at systems and operations from a third party's point of view enables OPSEC teams to discover issues they may have overlooked and can be crucial to implementing the appropriate countermeasures that will keep their most sensitive data secure.

https://www.fortinet.com/resources/cyberglossary/operational-security

Network Defense: Computer Network Defense (CND) is a form of cybersecurity for securing military and government computer systems. Like everyone else in the world, national agencies also have to secure their systems against malicious cyber attacks. We live in a highly technological era, with computers and other technology being used for good all over the world. People use computers to create new things for people everywhere to enjoy: to write stories, make videos, and even build exciting new things online, like websites and video games. Unfortunately, like every other good thing in the world, computers can also be used to do unscrupulous things, like hacking into corporate networks and stealing customer data and intellectual property. Hackers have been doing this since the internet was invented, forcing companies and webmasters to adapt their security practices with the changing times. All over the world, militaries and government agencies are using computer network defense to secure their systems and protect their national security by keeping hackers out of highly important systems. This helps to make critical infrastructure and other important national systems safe from those who wish to do them harm.

https://www.bitlyft.com/resources/what-is-computer-network-defense-cnd

Intrusion Detection System: An intrusion detection system (IDS) is a device or software application that monitors a network for malicious activity or policy violations. Any malicious activity or violation is typically reported or collected centrally using a security information and event management (SIEM) system. Some IDSs are capable of responding to a detected intrusion upon discovery; these are classified as intrusion prevention systems (IPS). When placed at a strategic point or points within a network to monitor traffic to and from all devices on the network, an IDS analyses passing traffic and matches the traffic passed on the subnets against a library of known attacks. Once an attack is identified, or abnormal behaviour is sensed, an alert can be sent to the administrator. There is a wide array of IDS products, ranging from antivirus software to tiered monitoring systems that follow the traffic of an entire network. The most common classifications are:

Network intrusion detection systems (NIDS): A system that analyses incoming network traffic.
Host-based intrusion detection systems (HIDS): A system that monitors important operating system files.

https://www.barracuda.com/glossary/intrusion-detection-system
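The two detection modes named above, signature matching against a library of known patterns and sensing abnormal behaviour, as an added example written for this page (not code from the repository or any IDS product). The traffic records, the two signatures, the port-scan threshold, and the alert format are all constructed.

```python
"""Minimal NIDS logic over constructed connection records:
signature matching plus a simple behavioural (port-scan) rule."""
import re
from collections import defaultdict

# Constructed records: (timestamp, src_ip, dst_ip, dst_port, payload)
SAMPLE_TRAFFIC = [
    (1, "10.0.0.5", "10.0.0.80", 80, "GET /index.html HTTP/1.1"),
    (2, "10.0.0.5", "10.0.0.80", 80, "GET /../../etc/passwd HTTP/1.1"),
    (3, "10.0.0.9", "10.0.0.80", 80, "GET /login?user=a' OR '1'='1 HTTP/1.1"),
] + [
    # one source touching eight ports on one host inside a five-second window
    (4 + i // 4, "10.0.0.7", "10.0.0.80", port, "")
    for i, port in enumerate([21, 22, 23, 25, 110, 143, 443, 445])
]

# "Library of known attacks": rule name -> pattern applied to the payload
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"'\s*OR\s*'?\d+'?\s*=\s*'?\d+", re.IGNORECASE),
}

PORT_SCAN_THRESHOLD = 8  # distinct destination ports from one source to one host
WINDOW_SECONDS = 5


def signature_alerts(records):
    """Match every payload against each known-attack signature."""
    alerts = []
    for ts, src, dst, port, payload in records:
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                alerts.append({"time": ts, "type": "signature", "rule": name,
                               "src": src, "dst": f"{dst}:{port}"})
    return alerts


def anomaly_alerts(records):
    """Abnormal behaviour: many distinct ports on one host in a short window."""
    history = defaultdict(list)  # (src, dst) -> [(timestamp, port), ...]
    flagged = set()
    alerts = []
    for ts, src, dst, port, _ in sorted(records):
        events = history[(src, dst)]
        events.append((ts, port))
        recent_ports = {p for t, p in events if ts - t <= WINDOW_SECONDS}
        if len(recent_ports) >= PORT_SCAN_THRESHOLD and (src, dst) not in flagged:
            flagged.add((src, dst))  # one alert per source/host pair
            alerts.append({"time": ts, "type": "anomaly", "rule": "port-scan",
                           "src": src, "dst": dst,
                           "ports": sorted(recent_ports)})
    return alerts


def run_ids(records):
    """Combine both detectors; output is what would be forwarded to a SIEM."""
    alerts = signature_alerts(records) + anomaly_alerts(records)
    return sorted(alerts, key=lambda a: a["time"])


if __name__ == "__main__":
    for alert in run_ids(SAMPLE_TRAFFIC):
        print(alert)
```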

Digital Forensics and Incident Response: Digital Forensics and Incident Response (DFIR) is a specialized cybersecurity sub-field traditionally associated with computer emergency response teams (CERT) or computer security incident response teams (CSIRT) called in to respond to a cybercrime or similar emergency. DFIR relies on evidence found in filesystems, operating systems, information system hardware, and other evidentiary sources for the sake of criminal reconstruction. While CERT/CSIRT teams still monopolize most incident response job functions, their advanced tools and techniques are increasingly being incorporated into everyday proactive security practices, such as remote forensic triage, in order to level the playing field with sophisticated cybercriminals. Digital forensics provides the necessary information and evidence that the CERT or CSIRT needs to respond to a security incident.

https://www.crowdstrike.com/cybersecurity-101/digital-forensics-and-incident-response-dfir/

Endpoint Protection: Endpoint protection is a term often used interchangeably with endpoint security. It is often used to describe security solutions that address endpoint security issues, securing and protecting endpoints against zero-day exploits, attacks, and inadvertent data leakage resulting from human error. Targeted attacks and advanced persistent threats cannot be prevented through antivirus solutions alone, making endpoint protection a necessary component of full-spectrum security solutions capable of securing data for the world's leading enterprises. Endpoint protection solutions provide centrally managed security that protects endpoints such as servers, workstations, and mobile devices used to connect to enterprise networks. Endpoint protection solutions often include network access control functionality. Essentially, this describes the various processes and protocols used to prevent unauthorized access to enterprise networks, as well as to sensitive data contained within the network or on connected endpoints. Endpoint protection typically evaluates an endpoint before permitting access, checking the operating system, browser, and other applications to ensure that they are up to date and meet defined enterprise security standards before the endpoint (such as a mobile device) is granted access. In doing so, endpoint protection prevents the introduction of security vulnerabilities through devices that do not meet pre-defined security rules. Endpoint protection in the enterprise environment is managed centrally, through a central administration server that manages and monitors the endpoints connected to the enterprise network. In the consumer environment, endpoint protection may be used to describe antivirus software and other security solutions that are managed and monitored on individual endpoints, as there is generally no need for central administration.

https://digitalguardian.com/blog/what-endpoint-protection-data-protection-101

Threat Intelligence: Threat intelligence, or cyber threat intelligence, is information an organization uses to understand the threats that have targeted, will target, or are currently targeting the organization. This information is used to prepare for, prevent, and identify cyber threats looking to take advantage of valuable resources. The great unknown can be exciting in many situations, but in a world where any number of cyber threats could bring an organization to its knees, it can be downright terrifying. Threat intelligence can help organizations gain valuable knowledge about these threats, build effective defense mechanisms, and mitigate the risks that could damage their bottom line and reputation. After all, targeted threats require targeted defense, and cyber threat intelligence delivers the capability to defend more proactively. While the promise of cyber threat intelligence is alluring in itself, it is important to understand how it works so you can choose the right cyber threat tools and solutions to protect your business. Threat intelligence solutions gather raw data about emerging or existing threat actors and threats from a number of sources. This data is then analysed and filtered to produce threat intelligence feeds and management reports containing information that can be used by automated security control solutions. The primary purpose of this type of security is to keep organizations informed of the risks of advanced persistent threats, zero-day threats and exploits, and how to protect against them.

https://www.forcepoint.com/cyber-edu/threat-intelligence

Vulnerability Assessment: A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates whether the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation if and whenever needed. Examples of threats that can be prevented by vulnerability assessment include:

SQL injection, XSS, and other code injection attacks.
Escalation of privileges due to faulty authentication mechanisms.
Insecure defaults: software that ships with insecure settings, such as a guessable admin password.

There are several types of vulnerability assessments. These include:

Host assessment: The assessment of critical servers, which may be vulnerable to attacks if not adequately tested or not generated from a tested machine image.
Network and wireless assessment: The assessment of policies and practices to prevent unauthorized access to private or public networks and network-accessible resources.
Database assessment: The assessment of databases or big data systems for vulnerabilities and misconfigurations, identifying rogue databases or insecure dev/test environments, and classifying sensitive data across an organization's infrastructure.
Application scans: The identification of security vulnerabilities in web applications and their source code by automated scans on the front end or static/dynamic analysis of source code.

https://www.imperva.com/learn/application-security/vulnerability-assessment/

Threat & Vulnerability Management: Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. Threat and vulnerability management serves as an infrastructure for reducing organizational exposure, hardening the endpoint surface area, and increasing organizational resilience. It discovers vulnerabilities and misconfigurations in real time with sensors, without the need for agents or periodic scans, and prioritizes vulnerabilities based on the threat landscape, detections in your organization, sensitive information on vulnerable devices, and business context. Security threats and trends are constantly evolving, requiring effective, preemptive efforts for managing threats and vulnerabilities that may compromise your data. RSI Security offers comprehensive, consistent intelligence into your company's data, applications, software, and network security risks to proactively identify, investigate, and respond to threats and security vulnerabilities. They break down the complex task of reducing risk by first conducting an asset inventory to identify all potential targets for a breach or attack. Targets are then classified and continuously monitored for new potential vulnerabilities and tested against threat modeling, which identifies the organization's most valuable assets that are at the highest risk of being compromised. They also consider an attacker's perspective to provide analysis that can determine vulnerabilities as they develop.

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt?view=o365-worldwide
https://www.rsisecurity.com/threat-vulnerability-management/

Security Credentials: Credentials refer to the verification of identity or to tools for authentication. They may be part of a certificate or other authentication process that helps confirm a user's identity in relation to a network address or other system ID. The domain of security credentials is responsible for keeping records of all implemented security protocols and industry-specific requirements an organization is obliged to follow.
