IT SEC REVIEWER.pdf

Full Transcript

IT SECURITY MANAGEMENT REVIEWER
By: Kaichee

IT ENVIRONMENT o Security mechanisms are
subjected to regular
- Consists of multitude of testing
hardware, network, & software 3. Managing security incidents
components o Identify/fight intrusions &
IT INFRASTRUCTURE minimize damages
4. Security review
- Can be on o Review whether safety
premises/cloud/hybrid measures & processes are
in accordance with risk
IT MANAGEMENT
perceptions from business
- Monitoring & administration of side
organization’s IT systems (IT
CHIEF INFORMATION OFFICER (CIO)
environment)
- Focuses on how to make IS - Heads of IT departments
operate efficiently - Determine IT strategies & goals
- Believe their roles will evolve in
IT MANAGERS
next 2-3 years
- Monitor & govern IT systems o From maintenance &
1. Determine Business management to higher-
Requirements value, strategic activities
2. Manage IT Budgets & Costs o Digital transformation
3. Monitor Safety & Compliance ▪ Requires innovation
4. Controlling System & & strategic
Network Security enablement
5. Implement New Software, - “Implement meaningful digital
Hardware & Data Systems change through the creation of
6. Provide Technical/Help Desk new tools, solutions & business
Support models”
- Job = generalists
IT SECURITY MANAGEMENT
ROLES & TITLES
- Monitoring & administration of
an organization’s IT systems CHIEF INFORMATION SECURITY
used in securing information & OFFICER (CISO)
data (hardware, software,
- Senior-level executive
networks)
- Oversees organization’s
- Guarantees CIA
information/cyber/technology
o Confidentiality
security
o Integrity
- Job = focused on security
o Availability
VP OF INFORMATION SECURITY
IT SECURITY MANAGEMENT SUB-
PROCESSES - Signifies top executive
- Responsible for overall direction
1. Designing security controls
& leadership of information
o Design
security program
organizational/technical
- Develops & enforces policies
measures to guarantee
CIA VP OF CYBERSECURITY
2. Security testing
IT SECURITY MANAGEMENT REVIEWER
By: Kaichee

- Leading organization’s efforts to - Frontline defenders
defend against cyber attacks - Monitor, analyze, & improve
- Responsible for threat security measures
intelligence, security operations - Role serves as an introduction to
& incident response strategies field of information security
management
VP OF SECURITY ARCHITECTURE
INCIDENT RESPONSE
- Centered on design & COORDINATOR
implementation of secure
infrastructure - Key players in managing
- Oversees development of security response to security breaches &
frameworks attacks
- Integrates protective measures - Work to quickly contain
into IT architecture incidents
- Role is critical for underst&ing
VP OF SECURITY COMPLIANCE & dynamics of incident
RISK management & develop strategic
- Ensure organization complies response plans
with relevant laws, regulations, EMERGING POSITIONS
& industry st&ards
- Manages audits, risk CLOUD SECURITY MANAGER
assessments, & compliance
initiatives - Reflects shift towards cloud-
based infrastructure
SECURITY ADMINISTRATOR
THREAT INTELLIGENCE MANAGER
- Day-to-day management of
security technology systems - Focuses on proactive
- Install, administer, & identification & mitigation of
troubleshoot organization’s cyber threats
security solutions DEVSECOPS MANAGER
- H&s-on role
- Integration of security practices
IT SECURITY SPECIALIST within development & operations
- Focuses on the technical aspects lifecycle
of information security (network CYBERSECURITY
security, encryption, firewall
administration) - Studying & protecting computer
- Assist in conducting security systems from misuse
assessments & implementing
CYBERSECURITY CULTURE
security measures
- Knowledge, beliefs, perceptions,
CYBERSECURITY CONSULTANT
attitudes, assumptions, norms,
(ENTRY-LEVEL)
& values of people regarding
- Work with clients cybersecurity
- Collaborate with various - Good
departments o Both organizational &
- Consultative role individual determinants of
culture alight with the
INFORMATION SECURITY ANALYST
IT SECURITY MANAGEMENT REVIEWER
By: Kaichee

organization’s approach to ▪ Individualism vs.
cyber security collectivism
▪ Long-term vs.
NEED FOR CSC short-term
- Result of human actors orientation
- Employees views them as ▪ Indulgence vs.
guidelines rather than rules restraint
- Technologies cannot protect 3. Information Security Culture
organizations if incorrectly o Attitudes, assumptions,
integrated & utilized beliefs, values, &
knowledge drive employee
HUMAN FACTORS THAT IMPACT CSC behaviors related to
organization’s information
- Psychological factors
& IS
o “The burning oil platform
metaphor” BUILDING A CSC
▪ Take initiative for
change 1. Set up core CSC work group
- Compliance & personality 2. Business underst&ing & risk
- Social environment assessment
3. Define main goals, success
ORGANIZATIONAL CSC criteria, & target audiences
4. Calculate ‘as-is’ & do gap
1. Organizational Culture
analysis between as-is & your
o Components
goals
▪ Belief systems
5. Select one or more activities
▪ Values
6. Run selected activities
▪ Artifacts &
7. Rerun as-is & analyze results
creations
8. Review & consider results before
o Orientation
deciding on next action
▪ Support
Employee’s TELKOM’S CSC
spirit of
sharing - Identified employees as weakest
▪ Innovation point in cybersecurity defenses
Organization - Need to provide internal training
is open to o Had to chance the culture
change of thinking
▪ Rules - Success because of:
Respect for o Analysis & alignment of
authority strategies
▪ Goal o Selection of right parent
o People, not technologies
Clear
o Cooperation among
specification
members
of targets
o Communication &
2. National Culture
feedback
o Focuses on cross-cultural
o Support from top
perspective
management
o Taxonomy of national
culture by Hofstede BANGLADESH BANK HACKING
IT SECURITY MANAGEMENT REVIEWER
By: Kaichee

- Dridex malware o Created by Robert Tappan
o Installed within Morris
Bangladesh Central Bank o Security flows in Berkeley
System (January 2016) Software Distribution
o Gathered information on (BSD) of UNIX
SWIFT - Precipitated DARPA’s Response
- $20 million to Worm incident in November
o Supposed to be 1998, disabled 10% of Internet
transferred to Shalika o Creation of CERT/CC by
Foundation but spelling SEI
error gained suspicion ▪ Software
from Deutsche Bank Engineering
- $81 million to five accounts in Insitute
RCBC foreign exchange broker o Morris charged &
returned to RCBC consolidated convicted under CFAA of
under one account 1986
- Bangladesh requested to freeze o Stimulated thinking &
transfers (Chinese New Year) research into critical
- Suspicion infrastructure protection
o State-funded hackers from
North Korea IMPORTANCE OF CERT

SWIFT 1. Incident response & mitigation
2. Proactive security monitoring
- Society for Worldwide Interbank 3. Coordination of cybersecurity
Financial Telecommunications efforts
- Member-owned cooperative 4. Recovery & restoration
- Provides safe & secure financial 5. Training & awareness
transaction 6. Vulnerability assessment &
management
COMPUTER EMERGENCY RESPONSE 7. Research & threat intelligence
TEAM (CERT) sharing
- Group of information security 8. Policy & guideline development
experts CERT/CC
- Responsible for protection
against, detection of & response - SEI of Carnegie Mellon
to an organization’s University established CERT/CC
cybersecurity incidents in 1988
- Focus on resolving data breaches o Pittsburgh, Pennsylvania
& denial-of-service attacks, - Mission is to respond to security
provides alerts & incident h&ling emergencies on Internet
guidelines
- Originally knowns as Computer SEI & CERT
Emergency Response Team - CERT designator is no longer an
Coordination Center acronym, but a trademarked
(CERT/CC) symbol
HISTORY OF CERT - SEI now refers to its CERT
division as CERT/CC
- Robert Morris Worm - Carnegie Mellon’s trademark
encouraged the use of Computer
IT SECURITY MANAGEMENT REVIEWER
By: Kaichee

Security Incident Response o United Kingdom
Team (CSIRT) instead of CERT 6. CERT/CC
o Other acronyms came into o Created by Defense
common use Advanced Research
▪ IRT, US-CERT, Projects Agency (DARPA)
CSIRC, CIRC, CIRT, & run by SEI
IHT, IRC, SERT,
SIRT CERT FUNCTIONS

CERT NAME - Provide effective incident
response to computer security
- An established CSIRT can issues
request license to use CERT - Responds to computer
designator from SEI at no cost vulnerabilities
- Obtaining license allows team to - Protect, Detect, & Respond
be listed on SEI website as an Model
authorized user of the CERT
designator PDR MODEL
- CMU encourages use of CSIRT as 1. Protect
generic term for h&ling computer o Measures & precautions
security incidents to secure its computers
o CMU licenses CERT mark 2. Detect
NATIONAL COMPUTER EMERGENCY o Recognizing security
RESPONSE TEAM (NCERT) incidents
o Network must be
- Receiving, reviewing, & documented & baselined
responding to computer security ▪ Software Asset
incidents Management
- Systematic information (SAM) program
gathering/dissemination ▪ Application
- Guide on how to h&le management &
cybersecurity incidents security program
- Coordination & collaboration ▪ Change,
with stakeholders configuration, &
patch management
REGIONAL TEAMS programs
1. AusCERT ▪ B&width utilization
o Australia & Asia/pacific baseline & routine
region b&width checks
2. CERT MAHER ▪ Network flow
o Maher Center of Iranian baselines &
National CERT continuous
3. MyCERT monitoring
o Malaysia 3. Respond
o Established in 1997 & is o Analyze incident to
now part of CyberSecurity underst& what’s occurring
Malaysia & why
4. SingCERT o Stop further damage from
o Singapore occurring
5. National Cyber Security Centre
IT SECURITY MANAGEMENT REVIEWER
By: Kaichee

NATIONAL INSTITUTE OF ST&ARDS of programs, projects, &
& TECHNOLOGY (NIST) activities
o Organize trainings &
- Developed own incident response conducts seminars for
model CSIRT
- Uses “contain, eradicate, &
recover”
- SP-800-61
CERT-PH
- 2016
o DICT formed
- 2019
o Authorized use of CERT
mark
- 2020
o CERT-PH as official name
of NCERT
o Department Circular 003
s. 2020
▪ March 6, 2020
CERT-PH FRONTLINE SERVICES
1. Cyber Incident Response (CIR)
o Incident Management,
Analysis, Coordination
o H&les & responds to
incidents
o Provide assistance for
remediation
2. Cyberthreat Intel & Monitoring
(CTIM)
o Collection & analysis of
data
3. Security Operations Center
(SOC)
o Serves as centralized
facility for detection,
monitoring, & rapid
response
4. Cybersecurity Assessment &
Testing (CAT)
o Conducts cybersecurity-
related assessment
5. CERT Cooperation &
Knowledge Management
(CCKM)
o In-charge of planning,
implementation,
monitoring, & evaluation