Week 2 - Lecture 2 - Cybersecurity Strategy and Framework PDF

Summary

This document is a lecture on cybersecurity strategy and framework, covering topics such as ransomware and its different types, how it works, and security controls. It also discusses physical security, data center security, and the human factors in security.

Full Transcript

CSEC1001K : Foundation of
Computing and Cyber
Security

Week 2
Lecture 2: Cyber Security
Strategy, Controls and
Framework
Outline
Cyber Security Strategy
Cyber Security Controls
Cyber Security Framework
Physical Security
A Cyber Security Strategy
A Cyber Security Strategy

It is a high-level plan for how an organization will
secure its assets during the next three to five
years. As technology and cyber threats can both evolve
unpredictably, the cyber security strategy is used to get
updated sooner than three years.

https://preyproject.com/blog/cybersecurity-frameworks-101
Cyber Security Controls
Cyber Security Controls

Security controls are countermeasures or
safeguards used to reduce the chances that a
threat will exploit a vulnerability. They are used
to develop/implement your Cyber Security strategy.

https://purplesec.us/security-controls/#SecurityControls
Controls / Countermeasures

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Controls / Countermeasures

https://purplesec.us/security-controls/#SecurityControls
Top Security Threats
Crypto Ransomware

A type of malware that restricts access to the infected computer
system in someway and demands that the user pay a ransom to
the malware operators to remove the restriction.
Examples:
Encrypt personal files (images, movie files, documents, text
files)
Encrypt files on shared network drives/resources Lock
system access using login Crash system through resource
use
How Does It Work?
How is it injected? Botnet

Phishing Email
Drive-By
Download
Malicious App
Malicious
websites
Legitimate
websites that
have malicious
Security exploits
code injected
in vulnerable
software
>200 Crypto-Ransomware Families Badrabbit

Wannacry

LockDroid KeRanger

CryptoApp PayCrypt

Encryptor RaaS XRTN Job Cryptor

Default payment method Troldesh VaultCrypt Hi Buddy

Coinvault Tox Radamant Vipasana

Zerolocker Cryptvault Unix.Ransomcrypt Hydracrypt

Cryptowall TorrentLocker BandarChor CryptInfinite Umbrecrypt

Gpcoder Reveton Urausy Nymaim Onion TeslaCrypt LowLevel404 Locky

2016
2005 - 2012 2013 2014 2015
2017
Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1

Kovter Browlock Linkup Slocker Cryptolocker2015 Dumb Ransom32 73v3n

CTB-Locker/Citron Simplocker Maboua OSX POC CryptoJocker

Synclocker Pacman Power Worm Nanolocker

To hide C&C server Virlock Pclock DMA-Locker LeChiffre

Threat Finder Gomasom Magic

Hidden Tear Chimera Locker Ginx

ORX-Locker
To Pay or Not to Pay!

https://www.malwarebytes.com/pdf/white-papers/UnderstandingTheDepthOfRansomwareIntheUS.pdf
WannaCry-Ransom Note (May 2017)

What about
the
traceability
of the bitcoin
adresses?
Security Controls to Address
Ransomware
A Cyber Security Framework
A Cyber Security Framework

A Cyber Security framework is a system of standards,
guidelines, and best practices to manage risks that
arise in the digital world. They typically match the
objectives of your cyber security strategies, like
avoiding unauthorized system access, with the proper
security controls, like requiring a username and password.

https://www.techtarget.com/searchsecurity/tip/How-to-develop-a-cybersecurity-strategy-Step-by-step-guide
Cyber Security Strategy
Physical Security
Technology and Security

“If you think technology can
solve your security problems,
then you don't understand the
problems and you don't
understand the technology. “

--Bruce Schneier
Physical Protection System
Terminology
– Safety refers to the systems that react to
abnormal events by minimizing their
impact, preserving human life, and protecting
properties
Event examples: fire, flood, earthquakes, natural
or human accidents

– Security represents the systems that delay,
detect, prevent, respond to, interrupt a human
adversary
Event examples: industrial espionage, direct
facility attack, insider theft, employee strike
The Goal of Physical Security

To provide a safe environment
for all assets and interests of
the organization.
First Requirement

Life Safety
Safety of people is the primary
concern.

In an emergency situation, the organization
must ensure
the safety of personnel before the safety
of the facility.
Threats to Physical Security

Natural/Environmental (e.g., earthquakes, floods, storms,
hurricanes, fires)
Threats to Physical Security

Utility Systems (e.g., communication outages, power
outages)
Threats to Physical Security

Human-Made/Political Events (e.g., explosions, vandalism, theft,
terrorist attacks, riots)
CPNI
– Centre for the Protection of National
Infrastructure
The government authority for protective security
advice to the UK national infrastructure.
To protect national security by helping to reduce
the vulnerability of the national infrastructure to
terrorism and other threats.
Accountable to the Director General of MI5
– Provide advice to industry
– Publish free advice
General Advice
Physical Security
Personnel Security
Cyber Security
https://www.cpni.gov.uk
CBR

– Chemical, Biological and Radiological
defence
– Filter Air Conditioning
– Plan shutdown of systems that will spread
airborne hazards (Fans, Computers)
– Ensure doors and windows can be closed
quickly
– Have a plan
https://www.dst.defence.gov.au/partnership/chemical-biological-and-radiological-defence-cooperative-program
A Layered Defense Model
Perimete
r
Building
Grounds
Building
Entrance
Building Floors/Office
SuitesCenters
Offices/Data
Equipment/Supplies, Media
Start with a Detailed Site Selection
Process
– Where and how a building should be built?
Does your business have specific physical security concerns?
Is it vulnerable to crime, riots, or terrorist attacks?
Is it vulnerable to natural disasters?
Where is it located in relationship to adjacent buildings and/or
other businesses?
How far away is it to other types of threats?
What are neighborhood crime rates and types?
SAPMA
– Security Assessment for Protectively Marked
Assets
– Based on 3 primary elements:
Delay
Deter
Detect
– You have to get above a specific score to pass
at a specific level
Delay

– Secure Storage
Containers
Locks
– Perimeter
Fences
Building Entry Point Protection: Locks
– Most accepted and used physical security device
– To keep honest people out but for unauthorized people who
wish to gain access, locks are easily picked and keys can be
readily duplicated.
– All lock types are subject to force and special tools that
can be used to gain entry!
– Should be just one aspect of many physical security
controls!
Building Entry Point Protection: Electronic
Physical Controls
– Card Access Controls or Biometric Systems
Smart cards, Magnetic Stripe cards, etc.
Fingerprint, retina scans, signature dynamics, voice
recognition, etc.
Deter

– Entry Control
– Visitor Control
– Access Oversight
Guards
– Compliance Checks
Searches
Controlled Access Points: Fences
– To enclose security areas and property boundaries.
– Federal, state, or local codes may apply (depending on your
location and industry).
– No parking should be allowed near fences.
Controlled Access Points: Gates &
Bollards
– Gates
The number of gates should be kept to the minimum necessary.
– Bollards
Bollards have a variety of sizes and shapes depending on the
use.
Retractable bollards are designed for use in traffic control.
Provides security against vehicles ramming into, or stopping
near buildings.
Guards and Guard Stations
– Guards
Can provide a deterrent
Must be motivated and attentive
What might happen if they
– are bored or distracted (by TVs, surfing the Internet)?
– Guard Stations
Ensure clear sight lines and access to main doors
If in a high threat environment, guard stations are constructed
with bulletproof walls, doors, or windows.
Data Center or Server Room Security
– Walls: Construct the room as a single unit to prevent digging.
– Solid, fire-proof, etc.
– Multi-Factor Access Controls (badge/smart cards/biometric
devices).
– Post an access control list on the outside of the door, indicating
who is allowed.
– Have access control policies for daytime use, after-hour use, or
during an emergency.
– Closed-circuit television (CCTV) to view visitors.
Detect
– Guard Provision
– Building Detection
Intrusion Detection System (IDS)
o Detection systems within a building
CCTV
o Also known as video surveillance
– Perimeter Detection
Perimeter Intruder Detection System (PIDS)
o Detections systems around the perimeter of a
site
o CCTV
Consider the human factors

Pre-Employment Screening
Ongoing Personnel Security
Remote Working
Security Culture
Insider Threat

Humans are the weakest link in any security system
Motivation of Insider Threats
– Financial gain
– Competitive advantage
– Political
– Knowledge
– Terrorism
– Revenge
– Power
– Curiosity
Questions