8 Cyber Security
Cyber security is the practice of protecting computer systems and networks from attacks.
People, Process, and Technology
In general, a good approach to cyber security is to follow PPT (People, Process and Technology). PPT is also known within ITIL as the Golden Triangle. For example, Target, the retail company, implemented a new technology (a tool) to monitor for zero-day malware. The software was installed and was alerting, but the security team ignored or turned off the alerts.
“Like any large company, each week at Target there are a vast number of technical events that take place and are logged. Through our investigation, we learned that after these criminals entered our network, a small amount of their activities was logged and surfaced to our team,” said Target spokeswoman Molly Snyder.
Target, a billion-dollar company, spends millions on cyber security. They had the “Technology” and the “People”, but they missed the process of evaluating alerts! Therefore, to build a good general security framework, always be aware of PPT!
Defense in Depth
A good cyber security strategy is to use “Defense in Depth”. Defense in Depth is a military term used during war. According to Wikipedia, it is a strategy that seeks to delay rather than prevent the advance of an attacker, buying time and causing additional casualties by yielding space. In cyber security, this strategy does the same: it delays an attack rather than preventing it outright. In an enterprise network with 1000+ nodes, how do you protect all the nodes? Unless you have a cyber security person per node, it is not possible. Therefore, it is best to perform a risk assessment to determine the Defense in Depth (DiD) strategy. A risk assessment will provide a list of critical assets, those that matter most to the business. In general, the layered (DiD) approach is the best. For example:
- Network Controls – Who and what
- Workstation Defenses – Antivirus, Antimalware, EDR
- Data Protection – Encryption, hashing, backups
- Perimeter defenses – Network perimeter defenses include firewalls, intrusion detection, proxies, application gateways, DNS sinkholes
- Monitoring and Prevention – Monitoring key and critical systems, logging and auditing, vulnerability management, sandboxing and security awareness training