CC0002 Cybersecurity Module - Cyber Defense - PDF
Document Details
Uploaded by EngagingMiracle9896
Nanyang Technological University
2024
Tags
Summary
This document is a module on cybersecurity defense strategies and emerging technologies, suitable for undergraduate students at Nanyang Technological University in an academic setting. It provides a high-level overview of the topic with some key concepts.
Full Transcript
CC0002 Navigating the Digital World Cyber Defence: Strategies and Emerging Technologies 1 © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Thinking Like a Hacker to Defend © 2024 Nanyang Te...
CC0002 Navigating the Digital World Cyber Defence: Strategies and Emerging Technologies 1 © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Thinking Like a Hacker to Defend © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Thinking Like a Hacker to Defend “ “If you know the enemy and you know yourself, you need not fear the results of a hundred battles.” - Paraphrased from Sun Tzu’s famous quote ” © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Thinking Like a Hacker to Defend Cybersecurity is asymmetric warfare. “ “Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win.” ” - John LaTour and others © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Thinking Like a Hacker to Defend © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Thinking Like a Hacker to Defend McKinsey Supply Chain 4.0 Compass © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Thinking Like a Hacker to Defend Homosapiens are the weakest link and the first line of defence © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Cybersecurity Governance, Risk and Compliance © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Cybersecurity Governance, Risk and Compliance © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Cybersecurity Governance, Risk and Compliance Mitigate to REASONABLENESS & ACCEPT residual risk © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Cybersecurity Governance, Risk and Compliance © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Cybersecurity Governance, Risk and Compliance Defence-in-Depth ⁃ Solution across People ⁃ Process and Technology Breadth Defence-in-Breadth ⁃ 2 Layers of firewall Depth Defence-in-Diversity ⁃ Diverse products and services © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Cybersecurity Governance, Risk and Compliance © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Cybersecurity Governance, Risk and Compliance © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Cybersecurity Governance, Risk and Compliance © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Cybersecurity Governance, Risk and Compliance © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Cybersecurity Governance, Risk and Compliance Cybersecurity Roles Data Protection & Audit Roles © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Cybersecurity Governance, Risk and Compliance © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Cybersecurity Incident Response and Crisis Management © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Cybersecurity Incident Response and Crisis Management © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Cybersecurity Incident Response and Crisis Management © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Cybersecurity Incident Response and Crisis Management © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Cybersecurity Incident Response and Crisis Management © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Cybersecurity Incident Response and Crisis Management © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Cybersecurity Incident Response and Crisis Management Ransom Payment Risks Expertise Required No guarantee for the restoration of data or the return of stolen data Ransom Negotiation without public disclosure. Encourages future attacks against the victim company and others. Ransom Negotiation May run afoul of the U.S. sanctions regime as several law enforcement and regulatory bodies have issued guidance and Legal made public statements discouraging ransomware payments. It is illegal to provide material support to a foreign terrorist organisation, including by paying such an organisation large sums Legal of money. Some state insurance regulators have issued guidance Cyber Insurance discouraging carriers from making ransomware payments. May adversely shape the outlook and reputation of a company for Corp Comms years to come. © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Cybersecurity at the Cutting Edge © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Cybersecurity at the Cutting Edge © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Cybersecurity at the Cutting Edge © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Future for Cybersecurity © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Future for Cybersecurity © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Future for Cybersecurity © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Closing Remarks and Call to Action What do you think you will do differently, now that you are familiarised with both the offensive tactics and defence mechanisms available for cybersecurity? © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Acknowledgements Arranged in order of appearance Urupong. (2020). Business, technology, internet and networking concept [Photograph]. iStockphoto LP. https://www.istockphoto.com/photo/security-gm1263285737-369751351 Chong, R.H. & Teo, T. (2018, August). Red Teaming- "Simulating Social Engineering Threats". Retrieved July 7, 2024, from GovTech Red Team (GovTech Singapore). https://www.singaporehealthcaremanagement.sg/Speakers/Documents/SHM%202018%20Slides/HM%206%20-%20Red%20Teaming%20.pdf Knut Alicke. (2016, October 27). Supply Chain 4.0 – the next-generation digital supply chain. Retrieved Retrieved July 7, 2024, from McKinsey & Company. https://www.mckinsey.com/capabilities/operations/our-insights/supply-chain-40--the-next- generation-digital-supply-chain leremy. (2017). Illustration depicts Internet ransomware, virus, security breached and computer data locked by cyber syndicate criminal [Photograph]. iStockphoto LP. https://www.istockphoto.com/vector/ransomware-locking-a-computer-and-asking- for-money-gm838471826-136760551 Frauenstein, Edwin. (2013). A Framework to Mitigate Phishing Threats. Steven SIM K.L. (2017, November 26). Future-proofing maritime ports against emerging cyber-physical threats. Retrieved July 8, 2024, from SlideShare from Scribd. https://www.slideshare.net/slideshow/futureproofing-maritime-ports-against-emerging- cyberphysical-threats/82771814#41 CSA Singapore. (n.d.). Cyber Essentials- "Cyber Essentials Mark". Retrieved July 7, 2024, from https://www.csa.gov.sg/docs/default-source/our-programmes/support-for-enterprises/sg-cyber-safe-programme/cyber-essentials- mark.pdf?sfvrsn=542c7bf3_16 CSA Singapore. (n.d.). Cyber Trust- "Cyber Trust Mark". Retrieved July 7, 2024, from https://www.csa.gov.sg/docs/default-source/our-programmes/support-for-enterprises/sg-cyber-safe-programme/cyber-trust-mark.pdf?sfvrsn=883199a2_1 CSA Singapore. (n.d.). Cyber Trust. Retrieved August 19, 2024, from https://www.csa.gov.sg/our-programmes/support-for-enterprises/sg-cyber-safe-programme/cybersecurity-certification-scheme-for-organisation/cyber-trust 51Sec. (2018, April 12). Architecture- "Cybersecurity Frameworks and Integrated with TOGAF". Retrieved Retrieved July 7, 2024, from https://blog.51sec.org/2018/12/cyber-security-frameworks-resources.html SkillsFuture Singapore, Infocomm Media Development Authority. (n.d.). Skills Framework For Infocomm Technology. Retrieved July 7, 2024, from https://www.imda.gov.sg/-/media/IMTalent-Portal-Revamp/3-Guidances/Skills-Planning/SF-ICT/ICT- Navigation-Tool-20 SkillsFuture Singapore. (n.d.). Skills Framework for Infocomm Technology- "How does it work?- Skills Map". Retrieved July 7, 2024, from https://www.skillsfuture.gov.sg/skills-framework/ict CSA Singapore. (2021, October). OPERATIONAL TECHNOLOGY (OT) CYBERSECURITY COMPETENCY FRAMEWORK- "CAREER MAP". Retrieved July 7, 2024, from https://www.csa.gov.sg/docs/default-source/csa/documents/publications/otccf/ot- cybersecurity-competency-framework_v5.pdf?sfvrsn=edc6809a_0 Vasu Jakkal. (2021, June 30). The critical role of Zero Trust in securing our world- "Zero Trust’s critical role in helping secure our world". Retrieved July 7, 2024, from Microsoft. https://www.microsoft.com/en-us/security/blog/2021/06/30/the-critical-role- of-zero-trust-in-securing-our-world/ SANS Institute. (2020, July 7). There are 3 levels of threat intelligence – strategic, operational, and tactical – each of which have different audiences and different requirements. [Image attached] [Status update]. Retrieved July 8, 2024 from Facebook. https://www.facebook.com/sansinstitute/photos/a.346220362080734/3079896132046463/?type=3 The Straits Times. (2023, February 18). A hobbyist group said that one of its pico balloons, used to monitor the weather, had gone missing in action over Alaska on Feb 11. [Image attached] [Status update]. Retrieved July 8, 2024 from Facebook. https://www.facebook.com/TheStraitsTimes/posts/10159049322197115/?paipv=0&eav=Afay0J18F62blhguN4n3w2kpTgfTj7GendgP6BE7W970qks8ZwGFNvIiQG18GmZ3KTk&_rdr Amit Bhatia. (2023, February 15). Blog- "Understanding Incident Response Process in Cybersecurity". Retrieved July 8, 2024, from metaorangedigital. https://metaorangedigital.com/blog/incident-response-plan-in-cybersecurity/ © 2024 Nanyang Technological University, Singapore. All Rights Reserved. Acknowledgements Arranged in order of appearance con’t Source: Crump, Jeffrey. "Cyber Crisis Management Anatomy." Cyber Crisis Management Planning: How to reduce cyber risk and increase organizational resilience. 2019. SabySpeaks. (2022, November 5). Are you cyber resilient?. Retrieved July 8, 2024, from Medium. https://medium.com/@sabyspeaks/-1e3adc7ece82. Image Source: World Economic Forum. Joe Ariganello. (2023, October 24). Insights and Trends from Gartner Emerging Tech Impact Radar: Security- "The Radar at a Glance". Retrieved July 8, 2024, from MixMode, Inc. https://mixmode.ai/blog/insights-and-trends-from-gartner-emerging-tech- impact-radar-security/. Image Source: Gartner(785546_C). Gartner [@Gartner_inc]. (2022, June 9). "Use the #AI use-case prism for #cybersecurity as a guide to choose higher value and lower development risk AI innovation technologies." #GartnerSEC [Image attached] [Post]. X. https://x.com/Gartner_inc/status/1534612243228368897 Ghosh, U., Das, D., & Chatterjee, P. (2023). A Comprehensive Tutorial on Cybersecurity in Quantum Computing Paradigm. https://doi.org/10.36227/techrxiv.22277251.v1 zaricm. (2019). Cat chasing a mouse [Photograph]. iStockphoto LP. https://www.istockphoto.com/vector/cat-chasing-a-mouse-gm1160000381-317386383?searchscope=image%2Cfilm LoveTheWind. (2019). Group of people on peak mountain climbing helping team work [Photograph]. iStockphoto LP. https://www.istockphoto.com/photo/group-of-people-on-peak-mountain-climbing-helping-team-work-travel-trekking-success- gm1135670850-302201417?searchscope=image%2Cfilm © 2024 Nanyang Technological University, Singapore. All Rights Reserved.
