Recently I obtained the ISC2 Certification in Cybersecurity. In this blog, “Essential Cybersecurity Practices” I have tried to highlight the knowledge that i gained, which is nothing but the best practices needed for securing the digital landscape. Apart from the certification aspect, these essential cybersecurity practices are a must know to anyone who is into the IT field.
In this first section of essential cybersecurity practices, i have briefed upon the topics of security concepts of information assurance, risk management process, security controls and governance elements.
The basic security model that was mentioned in one of my earlier blogs too was the CIA triad, which stands for confidentiality, integrity, and availability. Confidentiality involves protecting data from unauthorized access. Integrity ensures that data has not been altered in an unauthorized manner. Lastly, availability ensures that data is accessible to authorized users when and where it is needed.
In the realm of cybersecurity, threat actors encompass a range of entities. These may include insiders, external individuals seeking vulnerabilities, non-political cyber criminals, political entities like terrorists, and information gatherers, along with technological elements such as free-running bots that may be affiliated with any of the aforementioned groups.
Risk Management Process
In the context of risk management, steps involved in identifying, assessing and prioritizing risks as well as different ways to manage the risks are discussed.
Risk identification is the process of identifying potential risks to an organization’s operations, assets, individuals, or other organizations. This involves identifying and documenting the risks that could impact the organization and its information systems.
Risk assessment is the process of analyzing and evaluating the identified risks to determine their potential impact and likelihood. This involves assessing the risks based on their potential impact, likelihood, and other factors, such as the organization’s risk tolerance and the effectiveness of existing security controls.
Risk treatment is the process of selecting and implementing appropriate controls to manage the identified risks. This involves deciding whether to accept, avoid, reduce, or transfer the risks, and then implementing the appropriate controls to manage the risks. The goal of risk treatment is to reduce the overall risk to an acceptable level.
The various types of security controls include physical control or physical hardware devices, technical controls or logical controls, administrative controls or managerial control aimed at people within the organization.
The various governance elements necessary for effective information security management are procedures, policies, standards and regulations.
Procedures are the detailed steps to complete a task that support departmental or organizational policies. Policies are put in place by organizational governance to provide guidance to all activities to ensure that the organization supports industry standards and regulations. Standards are often used by governance teams to provide a framework to introduce policies and procedures in support of regulations. Regulations are commonly issued in the form of laws, usually from the government and typically carry financial penalties for non-compliance.
Incident Response, Business Continuity and Disaster Recovery
In this section, the focus is mainly on the availability part of the CIA triad and the importance of maintaining availability for business operations. Maintaining business operations during or after an incident, event, breach, intrusion, exploit or zero day is accomplished through the
implementation of Incident Response (IR), Business Continuity (BC), and/or Disaster Recovery (DR) plan. This is one of the essential cybersecurity practices that plays a vital role in providing interruption free service.
Incident Response is a plan that responds to abnormal operating conditions to keep the business operating. It involves four main components: Preparation, Detection and Analysis, Containment, Eradication and Recovery, and Post-Incident Activity. Incident Response teams are typically a cross-functional group of individuals who represent the management, technical and functional areas of responsibility most directly impacted by a security incident. The team is responsible for determining the amount and scope of damage and whether any confidential information was compromised, implementing recovery procedures to restore security and recover from incident-related damage, and supervising implementation of future measures to improve security and prevent the recurrence of incident.
Business Continuity is a plan that focuses on maintaining essential business functions during and after a disruption. It includes a list of the BCP team members, immediate response procedures and checklists, notification systems and call trees, guidance for management, contact numbers for critical members of the supply chain, and how/when to enact the plan.
Disaster Recovery (DR) plan is concerned with restoring IT and communications back to full operations after a disruption. DR planning takes over from where business continuity efforts conclude. The goal of DR is to restore normal operations as quickly as possible after a disaster or other disruptive event. The DR plan includes an executive summary providing a high-level overview of the plan, department-specific plans, technical guides for IT personnel responsible for implementing and maintaining critical backup systems, full copies of the plan for critical disaster recovery team members, and checklists for certain individuals.
Access Control Concepts
Access control is the process of managing who has access to what information or resources in an organization. It involves three elements: subjects (who), objects (what), and rules (how and when). Access controls can be physical or logical. They are used to prevent unauthorized access, enforce the principle of least privilege, and protect the confidentiality, integrity, and availability of information.
Defense in depth is an information security strategy that involves implementing multiple layers of security controls to protect against a variety of threats. Privileged Access Management can help reduce risk by limiting administrative access to only when it is needed. User provisioning is the process of creating, modifying, disabling, or deleting user accounts in an organization’s information systems. Proper user provisioning is an important aspect of access control and can help ensure the confidentiality, integrity, and availability of an organization’s information.
Physical access controls are security measures that are designed to prevent unauthorized access to physical locations, facilities, and equipment. These controls are an important aspect of access control and can help prevent theft, vandalism, and other physical security threats. Examples of physical access controls include fences, mantraps/turnstiles, motion detectors, swipe cards etc.
Logical access controls are security measures that are designed to prevent unauthorized access to information and computer systems. Typically, organizations implement these controls through software to restrict access to specific files, applications, or other resources based on user roles, permissions, or other criteria. Examples of logical access controls include discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC).
Computer networking refers to the practice of connecting two or more computers together to share data, information, or resources. There are many types of networks, such as LAN, WAN, WLAN, VPN, etc., each with its own characteristics and requirements. Devices found on a network can include hubs, switches, routers, firewalls, servers, endpoints/end user devices and many more. Other important network terms include ports, protocols, ethernet, Wi-Fi, IP address, and MAC address. The OSI and TCP/IP models are two common models used to describe network architecture. When setting up and maintaining a network, it’s crucial to consider network security. You can use measures like firewalls, antivirus software, and access controls to safeguard against common threats, including spoofing, DoS/DDoS, viruses, worms, and Trojans.
Network Threats and Attacks
This refers to malicious activities that aim to disrupt or damage computer networks and the devices connected to them. Common types of network attacks include DoS/DDoS attacks, which overwhelm a network with traffic, and man-in-the-middle attacks, which intercept and modify network traffic. Other types of attacks include spoofing, in which an attacker impersonates a legitimate user or device, and phishing, in which an attacker tricks a user into revealing sensitive information. Viruses, worms, and Trojans, among other malware, can compromise network security. To protect against these threats, network administrators can use a variety of security measures, such as firewalls, Antivirus, Intrusion Prevention System and access controls. It is important to stay vigilant and up-to-date with the latest security practices to ensure the safety and integrity of computer networks.
Network Security Infrastructure
Network security infrastructure refers to the collection of hardware, software, and protocols used to protect computer networks from unauthorized access, attacks, and other security threats. It encompasses physical security measures such as power, HVAC, and fire suppression systems in data centres, as well as cloud security measures such as service models (SaaS, IaaS, PaaS) and deployment models (public, private, community, hybrid). Network design terminology, such as network segmentation, VLANs, VPNs, defense in depth, zero trust, and network access control, is also an important part of network security infrastructure. As mentioned in the earlier section, this infrastructure includes devices such as firewalls, intrusion detection and prevention systems, and access control systems, as well as security protocols such as SSL/TLS, IPsec, etc., By implementing a comprehensive network security infrastructure, organizations can help ensure the confidentiality, integrity, and availability of their networks and the data they contain.
In this last topic on essential cybersecurity practices, i will be taking up the topics of data security, system hardening, security policies and security awareness training.
Data security is the practice of safeguarding data from unauthorized access, use, disclosure, disruption, modification, or destruction. It involves implementing various security measures to ensure the confidentiality, integrity, and availability of data. This involves categorizing and labeling sensitive data, setting retention periods, and ensuring its secure disposal when no longer required. Data security demands constant monitoring(Ingress & Egress), testing, and updates to address evolving threats and vulnerabilities.
System hardening reduces the attack surface by applying secure configurations to hardware, communication systems, and software, including operating systems, web servers, application servers, and applications. It involves implementing security controls and risk mitigation strategies to minimize the vulnerabilities and weaknesses of a system. The elements of configuration management, such as inventory, baselines, updates, and patches, make this possible. System hardening follows industry guidelines and benchmarks, like those from the Center for Internet Security (CIS). The goal of system hardening is to make a system more secure and less susceptible to cyber attacks.
Best Practice Security Policies
Best practice security policies ensure data and system confidentiality, integrity, and availability through guidelines and procedures. These policies include data handling, password protection, acceptable use, bring your own device (BYOD), privacy, and change management. Data handling policies ensure the appropriate use of data, while password policies establish guidelines for the appropriate use of passwords. Acceptable use policies define asset, device, and data usage, while BYOD policies set rules for personal device use. Privacy policies safeguard personal data, while change management policies oversee transitions from the present to the future state. These policies adhere to industry standards and best practices, requiring continual monitoring and updates to address evolving threats and vulnerabilities.
Securing Awareness Training
Security awareness training educates stakeholders about information security and safeguarding data and systems from cyber threats. Typically, three types of training are there, namely; education, training, and awareness. Education provides a basic understanding of security concepts and policies, while training focuses on specific skills and procedures. Awareness aims to keep security top of mind and encourage employees to report suspicious activity. You can tailor the training to the security topic(s), organization, position, and/or individual. Security awareness training aims to diminish internal threats by enhancing employee and other stakeholder security awareness. It’s vital in an organization’s security strategy, requiring continuous monitoring and updates for emerging threats and vulnerabilities.
I hope that you find this blog on essential cybersecurity practices useful.
Further Reference :