May 10 2021

City of Tulsa, is the last US city hit by ransomware attack

Category: Information Security,RansomwareDISC @ 8:22 am
City of Tulsa, is the last US city hit by ransomware attack

One of the biggest cities in the US  by population size, the City of Tulsa, was victim of a ransomware attack that affected its government’s network and forced the shutdown of official websites over the weekend.

Shortly after the attack, that took place Friday night, the city issued a statement to inform that no customer information has been comprised in the security breach.

The City’s IT and security staff have shut down impacted internal systems to avoid the spreading of the threat. Emergency services such as 911 and the city’s public safety response will continue to operate normally.

“According to the Tulsa Police Department (TPD), 911 is operational and Tulsa’s public safety response is continuing as normal.” reported the Krmg website.

“As for utility billing, Tulsa police say new account registration is currently unavailable. Tulsans can make a payment on their account and view their bill as a guest as long as they have their new account number and customer ID, plus the name on their account exactly as it appears on their bill.”

The City of Tulsa reported the incident to the authorities and is investigating the infection with the help of external security experts.

The impact is believed to have impacted a small portion of the infrastructure, and internal experts are attempting to recover impacted systems from backups.

Unfortunately, ransomware attacks against cities in the US are very frequent and in many cases the victims opted to pay the ransomware to restore the operations.

City of Tulsa, is the last US city hit by ransomware attack

Tags: Tulsa

May 08 2021

Records and Information Management: Fundamentals of Professional Practice

Category: data security,Information Security,Log ManagementDISC @ 11:06 am

Records and Information Management: Fundamentals of Professional Practice, Fourth Edition presents principles and practices for systematic management of recorded information. It is an authoritative resource for newly appointed records managers and information governance specialists as well as for experienced records management and information governance professionals who want a review of specific topics. It is also a textbook for undergraduate and graduate students of records management or allied disciplines—such as library science, archives management, information systems, and office administration—that are concerned with the storage, organization, retrieval, retention, or protection of recorded information.

The fourth edition has been thoroughly updated and expanded to:

  • Set the professional discipline of RIM in the context of information governance, risk mitigation, and compliance and indicate how it contributes to those initiatives in government agencies, businesses, and not-for-profit organizations
  • Provide a global perspective, with international examples and a discussion of the differences in records management issues in different parts of the world. Its seven chapters are practical, rather than theoretical, and reflect the scope and responsibilities of RIM programs in all types of organizations.
  • Emphasize best practices and relevant standards.

The book is organized into seven chapters that reflect the scope and responsibilities of records and information management programs in companies, government agencies, universities, cultural and philanthropic institutions, professional services firms, and other organizations. Topics covered include the conceptual foundations of systematic records management, the role of records management as a business discipline, fundamentals of record retention, management of active and inactive paper records, document imaging technologies and methods, concepts and technologies for organization and retrieval of digital documents, and protection of mission-critical records. In every chapter, the treatment is practical rather than theoretical. Drawing on the author’s extensive experience supplemented by insights from records management publications, the book emphasizes key concepts and proven methods that readers can use to manage electronic and physical records.

Records and Information Management 4th Edition by Dr. William Saffady now available

Tags: DPO, Information Management, Records Management, Records Managementrecords and information management

May 04 2021

Hospital Operator Takes Network Offline After Major Cyberattack

Category: Cyber Attack,hipaa,Information Security,Network securityDISC @ 10:30 pm

A Californian hospital operator has made the move to take is network offline after it was hit by a major cyberattack. 

Reports state that the Scripps Health computer network that operates across half a dozen hospitals and a number of outpatient facilities in the San Diego, California area was forced to move to offline procedures after hackers launched a major cyberattack. 

The Californian hospital operator says it has contacted law enforcement and government agencies of the cyberattack, but failed to mention specifics of the departments it has informed of the potential data breach. 

Hospital Operator Takes Network Offline After Major Cyberattack 

Data Protection and Privacy in Healthcare

Tags: Major cyberattack

May 02 2021

How to Become a Data Protection Officer

Category: data security,Information SecurityDISC @ 12:05 pm
data protection officer CCO

How to Become a Data Protection Officer

The role of a Data Protection Officer (DPO) is a fairly new one in many companies. What’s more, the need to hire a DPO often comes as a response to the General Data Protection Regulations (GDPR) which were implemented back in 2018.
As such, the responsibilities, reporting and structure of the role are primarily defined by GDPR guidelines.

But though it might be a fairly new role, it can be a very exciting and rewarding one. So if you’re considering a career as a data protection officer, this guide is for you. Below, we’ll take a look at what the role entails and what you need to do to get a job as a DPO.

What is a Data Protection Officer and What Do They Do?

In a nutshell, a data protection officer is a steward for data protection and privacy within a business. They must implement effective data protection strategies and facilitate a culture of data protection throughout the company. This is to ensure companywide compliance with GDPR. The appointment of a DPO is mandatory in some businesses, particularly those in the public sector or those that process a large amount of personal data. That being said, some businesses choose to appoint a DPO even though they are not legally required to as it pays to have someone in charge of compliance and data privacy.

In the general data protection regulations, it is stated that the DPO should report directly to the highest management level. As a DPO, some of the key responsibilities include:

  • Ensuring that a business applies the laws of data protection appropriately and effectively, as
    well as following these regulations and legislations.
  • Educating and training management and all other employees about GDPR and other data protection statutes as well as about compliance and demonstrating effective measures and strategies for data handling and processing.
  • Conducting regular security audits.
  • Acting as the point of contact between the company and any supervisory authorities (SAs). For example, if there is a data breach, it is the job of the DPO to report this to the relevant authorities.

With this in mind, here’s how you can tailor your career path to lead to the role of a data protection officer.

In order to become a DPO, What skills you may need…

Becoming a Data Protection Officer

Certified Data Protection Officer

Data Protection and the Cloud 

Data Protection and the Cloud – Are you really managing the risks?

Tags: data protection officer

Apr 30 2021

The realities of working in and pursuing a career in cybersecurity

Category: CISSP,cyber security,Information SecurityDISC @ 5:50 am
The realities of working in and pursuing a career in cybersecurity

“One of the biggest challenges we have in cybersecurity is an acute lack of market awareness about what cybersecurity jobs entail,” said Clar Rosso, CEO of (ISC)². “There are wide variations in the kinds of tasks entry-level and junior staff can expect. Hiring organizations and their cybersecurity leadership need to adopt more mature strategies for building teams.

“Many organizations still default to job descriptions that rely on cybersecurity ‘all stars’ who can do it all. The reality is that there are not enough of those individuals to go around, and the smart bet is to hire and invest in people with an ability to learn, who fit your culture and who can be a catalyst for robust, resilient teams for years to come.”

cybersecurity career realities

Apr 29 2021

US and allies to take steps to fight a surge in ransomware attacks

Category: Information Security,RansomwareDISC @ 9:54 pm

A task force of 60+ experts from industry, government, nonprofits, and academia calls on the US and allies to take steps to fight a surge in ransomware attacks 

A task force of more than 60 experts from industry, government, nonprofits and academia is urging the U.S. government and global allies to take immediate steps to stem a growing global crisis of cyberattacks in which hackers seize computer systems and data in exchange for a ransom. 

The group, which issued a report today, says swift, coordinated action can disrupt and deter the growing threat of cyberattacks that use ransomware, a malicious software that locks up computer systems so that criminals can demand ransom in exchange for access.

“We’re seeing critical parts of the economy being hit by ransomware, including, for example, health care in particular,” says task force co-chair Megan Stifel, executive director of Americas at the Global Cyber Alliance. “When you start to see a broad scale of victims across multiple elements of the economy being hit there can ultimately, if not abated, be catastrophic consequences.” 

Apr 28 2021

The next big thing in cloud computing?

Category: Cloud computing,Information SecurityDISC @ 9:33 pm
The next big thing in cloud computing? Shh… It’s confidential

For some time, the public cloud has actually been able to offer more protection than traditional on-site environments. Dedicated expert teams ensure that cloud servers, for example, maintain an optimal security posture against external threats.

But that level of security comes at a price. Those same extended teams increase insider exposure to private data—which leads to a higher risk of an insider data breach and can complicate compliance efforts.

Recent developments in data security technology—in chips, software, and the cloud infrastructure—are changing that. New security capabilities transform the public cloud into a trusted data-secure environment by effectively locking data access to insiders or external attackers

This eliminates the last security roadblock to full cloud migration for even the most sensitive data and applications. Leveraging this confidential cloud, organizations for the first time can now exclusively own their data, workloads, and applications—wherever they work.

Even some of the most security-conscious organizations in the world are now seeing the confidential cloud as the safest option for the storage, processing, and management of their data. The attraction to the confidential cloud is based on the promise of exclusive data control and hardware-grade minimization of data risk.

What is the confidential cloud?

Over the last year, there’s been a great deal of talk about confidential computing—including secure enclaves or TEEs (Trusted Execution Environments). These are now available in servers built on chips from Amazon Nitro Enclaves, Intel SGX (Software Guard Extensions), and AMD SEV (Secure Encrypted Virtualization).

Tags: Trusted Execution Environments

Apr 28 2021

Microsoft Defender uses Intel TDT technology against crypto-mining malware

Category: Crypto,Information SecurityDISC @ 2:08 pm
Microsoft Defender uses Intel TDT technology against crypto-mining malware

Microsoft announced that Microsoft Defender for Endpoint, its commercial version of Windows 10 Defender antivirus, implements a new mechanism that leverages Intel’s Threat Detection Technology (TDT) to block cryptojacking malware using

Cryptojacking malware allows threat actors to secretly mine for cryptocurrency abusing computational resources of the infected devices.

The Intel TDT technology allows sharing heuristics and telemetry with security software that could use this data to detect the activity associated with a malicious code. Intel TDT leverages machine learning to analyze low-level hardware telemetry produced by the CPU performance monitoring unit (PMU) and uses it to detect the malware code execution “fingerprint” at runtime. TDT is currently implemented in Intel Core processors and any Intel CPU series that supports Intel vPro technologies, 6th Generation or later.

“Today, we are announcing the integration of Intel Threat Detection Technology (TDT) into Microsoft Defender for Endpoint, an addition that enhances the detection capability and protection against cryptojacking malware.” reads the announcement published by Microsoft. “TDT leverages a rich set of performance profiling events available in Intel SoCs (system-on-a-chip) to monitor and detect malware at their final execution point (the CPU). This happens irrespective of obfuscation techniques, including when malware hides within virtualized guests, without needing intrusive techniques like code injection or performing complex hypervisor introspection. TDT can further offload machine learning inference to the integrated graphics processing unit (GPU), enabling continuous monitoring with negligible overhead.”

Microsoft Defender uses Intel TDT technology against crypto-mining malware

Tags: crypto-mining malware

Apr 28 2021

Ransomware: don’t expect a full recovery, however much you pay

Category: Information Security,RansomwareDISC @ 1:37 pm
Ransomware: don’t expect a full recovery, however much you pay

When it comes to all the various types of malware out there, none has ever dominated the headlines quite as much as ransomware.

Sure, several individual malware outbreaks have turned into truly global stories over the years.

The LoveBug mass-mailing virus of 2000 springs to mind, which blasted itself into hundreds of millions of mailboxes within a few days; so does CodeRed in 2001, the truly fileless network worm that squeezed itself into a single network packet and spread worldwide literally within minutes.

There was Conficker, a globally widespread botnet attack from 2008 that was programmed to deliver an unknown warhead on April Fool’s Day, but never did. (Conficker remains a sort-of unsolved mystery: no one ever figured out what it was really for.)

And, there was Stuxnet, discovered in 2010 but probably secretively active for years before that, carefully orchestrated to spread via hand-carried USB drives in the hope of making it across security airgaps and into undislosed industrial plantrooms (allegedly Iran’s uranium enrichment facility at Natanz).

But none of these stories, as dramatic and as alarming as they were at the time, ever held the public’s attention as durably or as dramatically as ransomware has done since the early 2010s.

Ransomware: don’t expect a full recovery, however much you pay

Apr 27 2021

The hybrid office will create great opportunities—for companies and cybercriminals

Category: Information Security,Open Network,Zero trustDISC @ 10:22 pm

Spring is always a time of renewal, but never more so than this year. After our long winter of forced isolation, the increased accessibility of safe and effective vaccines has many looking forward to shutting off Zoom, putting on some real pants, and emerging to see friends and colleagues in person for the first time in more than a year. Normality, it seems, is just around the corner.

Yet the world has been irrevocably changed by the past year, and the businesses, schools, and other workplaces that we enter back into won’t be the same as the ones we left last March. 

The pandemic accelerated long-standing trends in workplaces across sectors as companies quickly embraced remote work and stood up infrastructure to enable their employees to remain productive while working from home. 

Today we are finding that many of these developments are pretty good—enabling employees to work and be productive from anywhere without the headaches of a commute or a noisy office. And so, as the economy begins to reopen, many are looking for ways to make these temporary solutions more permanent and merge them with more “traditional” forms of working to create a sort of hybrid work environment. 

These new hybrid workplaces will create new opportunities for businesses and will allow us to create organizations that are more flexible, productive, and accessible than ever before. But they can also open up new avenues of uncertainty that could threaten every organization. And make no mistake—cybercriminals know this and are finding ways to take advantage of these vulnerabilities. 

Visit Fortune for the full post.

Tags: Remote Working Policy

Apr 20 2021

Digital business requires a security-first mindset

Category: App Security,Information SecurityDISC @ 9:01 am
Digital business requires a security-first mindset

Digital business mindset

While developing a seamless and successful digital mindset with a security strategy is not a simple task, the effort is crucial for the health of a company. Unfortunately, security tools haven’t always gotten the best rep with developers, who feared the tools would slow them down, reflect poorly on their work, or even cost them their job if something were to go wrong. For example, static application security tools (SAST) often yield false positives requiring significant resources to remediate.

Since remediation advice is often generic, in some cases, developers wind up spending an extensive amount of time reading through lengthy documentation to understand the right fix. So how can organizations create a security-first culture despite these barriers?

Digital business requires a security-first mindset

Tags: security-first mindset

Apr 19 2021

Alarming Cybersecurity Stats: What You Need To Know For 2021

Category: Cyber Attack,Cyber Espionage,Cyber maturity,Cyber resilience,cyber security,Cyber Strategy,Cyber surveillance,Cyber Threats,Cyber War,Cybercrime,Cyberweapons,Information SecurityDISC @ 8:46 am
Cyber Attack A01

The year 2020 broke all records when it came to data lost in breaches and sheer numbers of cyber-attacks on companies, government, and individuals. In addition, the sophistication of threats increased from the application of emerging technologies such as machine learning, artificial intelligence, and 5G,  and especially from greater tactical cooperation among hacker groups and state actors. The recent Solar Winds attack, among others,  highlighted both the threat and sophistication of those realities.

The following informational links are compiled from recent statistics pulled from a variety of articles and blogs. As we head deeper into 2021, it is worth exploring these statistics and their potential cybersecurity implications in our changing digital landscape.

To make the information more useable, I have broken down the cybersecurity statistics in several categories, including Top Resources for Cybersecurity Stats, The State of Cybersecurity Readiness, Types of Cyber-threats, The Economics of Cybersecurity, and Data at Risk.

There are many other categories of cybersecurity that do need a deeper dive, including perspectives on The Cloud, Internet of Things, Open Source, Deep Fakes, the lack of qualified Cyber workers, and stats on many other types of cyber-attacks. The resources below help cover those various categories.

Top Resources for Cybersecurity Stats:

If you are interested in seeing comprehensive and timely updates on cybersecurity statistics, I highly recommend you bookmark these aggregation sites:

 300+ Terrifying Cybercrime and Cybersecurity Statistics & Trends (2021 EDITION) 300+ Terrifying Cybercrime & Cybersecurity Statistics [2021 EDITION] (comparitech.com)·        

The Best Cybersecurity Predictions For 2021 RoundupWhy Adam Grant’s Newest Book Should Be Required Reading For Your Company’s Current And Future LeadersIonQ Takes Quantum Computing Public With A $2 Billion Deal

134 Cybersecurity Statistics and Trends for 2021 134 Cybersecurity Statistics and Trends for 2021 | Varonis

 2019/2020 Cybersecurity Almanac: 100 Facts, Figures, Predictions and Statistics  (cybersecurityventures.com)

Source: The State of Cybersecurity Readiness:

Cyber-Security Threats, Actors, and Dynamic Mitigation

Related article:

Top Cyber Security Statistics, Facts & Trends in 2022

👇 Please Follow our LI page…


DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Tags: Cybersecurity Stats

Apr 17 2021

Majority of Mobile App Vulnerabilities From Open Source Code

Category: Information Security,Mobile SecurityDISC @ 9:49 am
Majority of Mobile App Vulnerabilities From Open Source Code

COVID-19 has impacted everything over the past year, and mobile app security is no exception. The Synopsys Cybersecurity Research Center (CyRC) took an in-depth look at application security, and discovered just how vulnerable apps that use open source code really are. According to the report, 98% of apps use open source code, and 63% of those apps have at least one known vulnerability.

Open source code is no more or less vulnerable than any other code, Jonathan Knudsen, senior security strategist with Synopsys, was quick to point out in an email interview. The prime security task for any organization that uses open source code is how to manage the code correctly.

“The report underscores, among other things, that managing security vulnerabilities in open source software components is a very real problem,” Knudsen said. The challenge lies in the self-service nature of open source use. With no commercial vendor to push out updates and patches, it then becomes the responsibility of the developers and the business to evaluate and monitor for security risks and come up with a strategy for the inevitable security problems.

Adoption of Open Source

Developers turn to open source because it helps them code 20 to 30 times faster than writing their own from scratch; getting a mobile application into the marketplace quickly is a top priority. This need to move fast has created a dependency on open source. It has also led to the prioritization of development over security in many IT organizations just to remain competitive in the market.

“To stay competitive, software development teams must figure out how to write code quickly, while not sacrificing security to create value and preserve competitive advantage for their organizations,” said Yaniv Bar-Dayan, CEO and co-founder at Vulcan Cyber. Until that happens, open source will continue to be the go-to code.

Majority of Mobile App Vulnerabilities From Open Source Code

InfoSec Shop

Apr 11 2021

DISC InfoSec shop

Category: Information SecurityDISC @ 10:06 am
DISC InfoSec shop

Apr 07 2021

Security Recommendations 2021: Taking Stock For The Long Term

Category: Information SecurityDISC @ 2:36 pm
Security Recommendations 2021: Taking Stock For The Long Term

Mar 30 2021

Five signs a virtual CISO makes sense for your organization

Category: CISO,Information Security,vCISODISC @ 11:59 am
Five signs a virtual CISO makes sense for your organization

Here are five signs that a virtual CISO may be right for your organization.

1. You have a lot to protect

Companies produce more data than ever, and keeping track of it all is the first step to securing it. A virtual CISO can identify what data needs to be protected and determine the negative impact that compromised data can have, whether that impact is regulatory, financial or reputational.

2. Your organization is complex

Risk increases with employee count, but there are many additional factors that contribute to an organization’s complexity: the number of departments, offices and geographies; how data is used and shared; the distribution of architecture; and the life cycle of applications, data and the technology stack.

A virtual CISO offers an unbiased, objective view, and can sort out the complexity of a company’s IT architecture, applications and services. They can also determine how plans for the future add complexity, identify and account for the corresponding risk, and recommend security measures that will scale to support future demand.

3. Your attack surface is broad

For many organizations, potential vulnerabilities, especially those that share a great deal of data within the organization, may not be obvious at first glance. Virtual CISOs can identify both internal and external threats, determine their probability and quantify the impact they could have on your organization. And at a more granular level, they can determine if those same threats are applicable to competitors, which can help maintain competitiveness within your market.

4. Your industry is highly regulated

Organizations in regulated industries like healthcare, finance, energy/power and insurance will have data that is more valuable, which could make them a bigger target for bad actors. Exposure is even more of a concern due to potential noncompliance. Virtual CISOs bring a wealth of expertise on regulatory standards. They can implement processes to maintain compliance and offer recommendations based on updates to applicable rules and regulations.

5. Your risk tolerance is low

An organization without a great deal of sensitive data may have a much greater tolerance for risk than a healthcare provider or a bank, but an honest assessment is important in determining how much risk each organization should accept. A virtual CISO can coordinate efforts to examine perceived and actual risk, identify critical vulnerabilities and provide a better picture of risk exposure that can inform future decisions.

Cybersecurity is growing more complex, and organizations of all sizes, especially those in regulated industries, require a proven security specialist who can address the aforementioned challenges and ensure that technology and processes are in place to mitigate security risks.

Tags: auditing CISO compliance, CISO, vCISO

Mar 26 2021

Alan Turing’s £50 banknote officially unveiled

Category: cyber security,Information SecurityDISC @ 9:25 am
Alan Turing’s £50 banknote officially unveiled

Regular Naked Security readers will know we’re huge fans of Alan Turing OBE FRS.

He was chosen in 2019 to be the scientist featured on the next issue of the Bank of England’s biggest publicly available banknote, the bullseye, more properly Fifty Pounds Sterling.

(It’s called a bullseye because that’s the tiny, innermost circle on a dartboard, also known as double-25, that’s worth 2×25 = 50 points if you hit it.)

Turing beat out an impressive list of competitors, including STEM visionaries and pioneers such as Mary Denning (first to unravel the paleontological mysteries of what is now known as Dorset’s Jurassic Coast), Rosalind Franklin (who unlocked the structure of DNA before dying young and largely unrecognised), and the nineteenth-century computer hacking duo of Ada Lovelace and Charles Babbage.

The Universal Computing Machine

Turing was the groundbreaking computer scientist who first codified the concept of a “universal computing machine”, way back in 1936.

At that time, and indeed for many years afterwards, all computing devices then in existence could typically solve only one specific variant of one specific problem.

They would need rebuilding, not merely “reinstructing” or “reprogramming”, to take on other problems.

Turing showed, if you will pardon our sweeping simplification, that if you could build a computing device (what we now call a Turing machine) that could perform a certain specific but simple set of fundamental operations, then you could, in theory, program that device to do any sort of computation you wanted.

The device would remain the same; only the input to the device, which Turing called the “tape”, which started off with what we’d now call a “program” encoded onto it, would need to be changed.

So you could program the same device to be an adding machine, a subtracting machine, or a multiplying machine.

You could compute numerical sequences such as mathematical tables to any desired precision or length.

You could even, given enough time, enough space, enough tape and a suitably agreed system of encoding, produce all possible alphabetic sequences of any length…

…and therefore ultimately, like the proverbially infinite number of monkeys working at an infinite number of typewriters, reproduce the complete works of William Shakespeare.

More on: You can extend the halting problem result in important ways for cybersecurity

Tags: Alan Turing

Mar 25 2021

Chrome to Enforce HTTPS Web Protocol (Like It or Not)

Category: Information Security,Web SecurityDISC @ 1:58 pm
Chrome to Enforce HTTPS Web Protocol (Like It or Not)

If you type in securityboulevard.com, Chrome version 90 will send you directly to the secure version of the site. Surprisingly, that’s not what it currently does—instead, Google’s web browser relies on the insecure site to silently redirect you.

That’s slow. And it’s a privacy problem, potentially. This seemingly unimportant change could have a big—if unseen—impact.

So long, cleartext web. In today’s SB Blogwatch, we hardly knew ye.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Making breakfast.

What a Difference an ‘s’ Makes

What’s the craic? Thomas Claburn reports—“Chrome 90 goes HTTPS by default”:

 Lack of security is currently the norm in Chrome. … The same is true in other browsers. … This made sense in the past when most websites had not implemented support for HTTP.

But these days, most of the web pages loaded rely on secure transport. … Among the top 100 websites, 97 of them currently default to HTTPS. [So] when version 90 of Google’s Chrome browser arrives in mid-April, initial website visits will default to a secure HTTPS connection.

Chrome to Enforce HTTPS Web Protocol (Like It or Not)

Tags: HTTPS Web Protocol

Mar 23 2021

Best Practices for Data Hygiene

Category: data security,Information Security,MetadataDISC @ 2:28 pm
5 Data Hygiene Best Practices To Keep Your Data Reliable - Winpure

Data hygiene consists of actions that organizations can, and should, take as a matter of following not only compliance requirements, but also as part of basic risk management program practices. Consistent, risk-specific data hygiene practices supports not only a very wide range and number of data protection compliance requirements, but performing data hygiene activities also demonstrably improves an organization’s data security effectiveness without significantly increasing IT or information security costs. Most of these actions involve people performing activities that all personnel within an enterprise can take. No specialized tools are typically needed—just some training and ongoing awareness reminders, or periodic use of data management tools.

These actions serve to:

  • limit the amount of data collected to only that which is necessary to support the purposes of the data collection
  • keep data from being modified in unauthorized ways, or accidentally
  • destroy/delete data when it is no longer needed to support the purpose(s) for which it was collected and to meet legal retention requirements
  • prevent access to data to only those entities (devices, individuals, accounts, etc.) that have a business/validated need to access the data
  • not share data with others unless necessary and with the consent of those about whom the data applies, as applicable
  • keep your own personal and business data from being used and posted in ways for which you did not consent or is not necessary to support the purposes for which you originally allowed the data to be collected or derived
  • keep unauthorized entities from accessing data

Source: Best Practices for Data Hygiene

Tags: Data Hygiene

Mar 22 2021

The MITRE Att&CK Framework

Category: Attack Matrix,Information SecurityDISC @ 3:55 pm

A recent article from Gartner states that, “Audit Chiefs Identify IT Governance as Top Risk for 2021.” I agree that IT governance is important but I question how much does the IT governance board understand about the day to day tactical risks such as the current threats and vulnerabilities against a companies attack surface? How are the tactical risks data being reported up to the board? Does the board understand the current state of threats and vulnerabilities or is this critical information being filtered on the way up?

If the concept of hierarchy of needs was extended to cyber security it may help business owners and risk management teams asses how to approach implementing a risk management approach for the business.

There are three key questions to ask:

  1. How confident are you in your organization’s ability to inventory and monitor IT assets? 
  2. How confident are you in your organization’s ability to “detect unauthorized activity”? 
  3. How confident are you in your organization’s ability to identify and respond to true positive incidents within a reasonable time to respond? 
No alt text provided for this image
Source: medium

Layers 1-2 – Inventory and Telemetry – The first two layers are related to asset inventory which is part of the CIS Controls 1-2. How can you defend the vulnerable Windows 2003 server that is still connected to your network at a remote site?

Layers 3-4 – Detection and Triage – These layers are related to a SOC/SIEM/SOAR program which will allow the cyber security team to begin to detect threats through logging and monitoring.

Layers 5-10 – Threats, Behaviors, Hunt, Track, Act – The final layers are threat hunting, tracking and incident response and this is where the MITRE framework is very helpful to identify threats, understand the data sources, build use cases and prepare the incident response playbooks based on real world threat intelligence.

To more about What is the MITRE’s Att&CK Framework? Source: The MITRE Att&CK Framework

Tags: MITRE Att&CK Framework

« Previous PageNext Page »